Do you encrypt user information
Arnav Ahuja
4 replies
My SaaS product involves storing documents that user's upload (I train an AI on those notes). To show the user their notes while they chat with the AI, I need to stream it from storage.
Should I be encrypting the notes? What is the best way to handle this situation?
Replies
Jasper Elliot Sinclair@jasperelliotsinclair
Definitely encrypt user data, especially anything sensitive like personal documents. Look into strong encryption algorithms like AES-256. When streaming notes, use HTTPS and decrypt on the client side. Also be transparent with users about how their data is secured. Privacy and security should be top priorities for any SaaS storing user info.
Share
@jasperelliotsinclair Tbh I never thought of this before! Right now we're streaming to firestore storage, which automatically encrypts data. Do you think that should be good? Because unless google gets hacked, their information should be safe.
Yeah encrypting user notes before storing them is good practice for security and privacy. You could encrypt them client-side with the user's password before uploading to your servers. Then when streaming them back, decrypt server-side right before sending to the user's browser. Let me know if you need any suggestions on encryption libraries to use!
@jasonmatthewlewis I like this idea! Will give it a shot and let you know if I run into any issues. Thanks for the suggestion!