Need detailed info regarding Metabase security

Our team is considering to implement Metabase in our project. Can you please give a quick overview on the below questions:

  • How safe is Metabase to install on servers?
  • How secure our systems/database will be when this is connected to MySQL?
  • What if in the event of data breach?

Hi @lavanya
Read this: Metabase security and disaster recovery plan

Can you please be precise in case of data breach?

@lavanya I don't understand the question. What should Metabase (the program) do in case of data breaches?
That's up to you to secure the self-hosted Metabase instance your servers and in case of data breaches, then you might need to report that to authorities depending on the laws of your country.

My question here is, When we connect our database to Metabase, our data will be visible to you. How secure the data will be in this case?

From my understanding, When we connect our database to the metabase, the data is visible. Do you actually have our data here, because we do not provide customers data to external parties.

One more question is, What if breach happens and data gets corrupted?

@lavanya If you are running Metabase (the program) self-hosted, then no data is available to Metabase (the company). And on Metabase Cloud everything is encrypted.
https://www.metabase.com/docs/v0.41/faq/general/does-metabase-have-access-to-my-companys-data.html

Thank you for the information. It was helpful.

Do you take any action from your side in case of data breaches, our data gets corrupted?
What measures do you take to handle such cases?

@lavanya Again, Metabase (the company) have absolutely zero control over your setup and cannot take any "actions". And as for "corrupted", well, then you have given too many privileges to Metabase and forgotten to make backups.

I'm guessing that you are using the free open source version of MySQL - did you ask similar questions to them (Oracle, the company)?
The answer from them, if they provided one, would be similar: you're running MySQL self-hosted and have to secure it correctly and make backups.

You can find the license for Metabase here: https://www.metabase.com/license/agpl/

Got it! Thank you for your response.