By default, Speed Kit will not process any cookies, credentials, or other personally identifiable information from the accelerated site. Therefore, Speed Kit will never see any sensitive user data. Further, Baqend's servers neither process nor store cookies or credentials from Speed Kit users.
What Data Is Handled by Speed Kit?
Speed Kit only accelerates GET requests by caching their responses: POST, PUT, and DELETE requests are always processed by the original site and never processed or stored by Speed Kit or Baqend. Speed Kit handles all website requests that are explicitly whitelisted, excluding requests that are blacklisted. Therefore, it is recommended to whitelist only public sections of the page and to exclude sections that expose private data through GET requests (e.g. login, payment, user profile). Speed Kit is built on Service Workers which cannot access third-party credentials or cookies by specification.
Baqend stores data exclusively on the AWS data centers located in Frankfurt, Germany.
EU Data Security
Baqend has a valid Data Processing Addendum (DPA) with Amazon Web Services and can therefore also close data processing agreements with customers. Baqend only stores anonymized IPv4 addresses and deletes them after 10 days: In detail, the last 8 bit of any user IP address is set to zeros in memory, i.e. before touching disk. IPv6 addresses are not stored at all. Baqend will never persist a user's full IP address. Storing of IP addresses can be deactivated on request.