2.4.3 Security & Compliance
1. Encryption at Rest
• Use AWS RDS encryption (AES-256) for PostgreSQL.
• Enable Redis encryption in transit (through the managed service's TLS option or a custom TLS configuration).
2. Encrypted Connections
• TLS between the Node.js backend and both Postgres and Redis (where possible).
• Use least-privilege database roles so that a leaked credential limits the damage an attacker can do.
3. Backups & PITR
• Daily or continuous backups for Postgres.
• Point-in-time recovery (PITR) for critical financial data.
4. GDPR Compliance
• Provide a way to remove a user's data (including their posts and comments) on request.
• Keep minimal PII in the database.
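Item 2 (encrypted connections) as an added example, not code from the original design doc: the Node.js backend derives the TLS settings it passes to `pg.Pool` and `redis.createClient` from its environment and refuses to start in production unless both the Postgres and Redis connections are encrypted with certificate verification, while still allowing the "where possible" plaintext fallback outside production. The environment variable names (NODE_ENV, DATABASE_URL, REDIS_URL, DB_CA_PEM, REDIS_CA_PEM) are assumptions.

```javascript
// Added example (not part of the original design doc). Env variable names are assumed.
// Postgres sslmode values that actually encrypt the connection.
const PG_TLS_MODES = new Set(['require', 'verify-ca', 'verify-full']);

// Returns a config object in the shape pg.Pool accepts. In production a plaintext
// sslmode is a startup error rather than a silent downgrade.
function buildPgConfig(env) {
  const prod = env.NODE_ENV === 'production';
  const url = new URL(env.DATABASE_URL);
  const sslmode = url.searchParams.get('sslmode') || (prod ? 'verify-full' : 'disable');
  if (prod && !PG_TLS_MODES.has(sslmode)) {
    throw new Error(`refusing plaintext Postgres connection in production (sslmode=${sslmode})`);
  }
  const useTls = PG_TLS_MODES.has(sslmode);
  return {
    host: url.hostname,
    port: Number(url.port) || 5432,
    user: decodeURIComponent(url.username),
    password: decodeURIComponent(url.password),
    database: url.pathname.slice(1),
    // Always verify the server certificate; pin the RDS CA bundle when one is supplied.
    ssl: useTls
      ? { rejectUnauthorized: true, ...(env.DB_CA_PEM ? { ca: env.DB_CA_PEM } : {}) }
      : false,
  };
}

// Returns a config object in the shape node-redis createClient accepts.
// Only the rediss:// scheme (TLS) is allowed in production.
function buildRedisConfig(env) {
  const prod = env.NODE_ENV === 'production';
  const url = new URL(env.REDIS_URL);
  const useTls = url.protocol === 'rediss:';
  if (prod && !useTls) {
    throw new Error('refusing plaintext Redis connection in production (use rediss://)');
  }
  return {
    url: env.REDIS_URL,
    socket: useTls
      ? { tls: true, rejectUnauthorized: true, ...(env.REDIS_CA_PEM ? { ca: env.REDIS_CA_PEM } : {}) }
      : {},
  };
}

// Usage at startup: new Pool(buildPgConfig(process.env)); createClient(buildRedisConfig(process.env));
```

Because the check runs before any connection is opened, a misconfigured deployment fails at boot instead of quietly sending database traffic in the clear.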