PA Help Center
Training, FAQ, and a searchable knowledge base.
Login Create account
Security · kb

Security, Data, and Backups

How data is stored, what’s encrypted, and how to back up safely.

Updated 2026-02-13

Security and data

What’s stored where

  • Core app data (workspaces, tasks, reminders, inbox items, etc.) lives in the database.
  • Notes, documents, attachments, and reports live in file storage:
  • Local disk when S3_BUCKET is not configured.
  • S3 when S3_BUCKET is configured.

Encryption

  • Connected account credentials (Email/Calendar app passwords, OAuth tokens) are stored **encrypted** on the server using SECRET_KEY.
  • If you rotate SECRET_KEY, plan the migration: previously encrypted secrets may not decrypt.

Backups

Recommended in production:

  1. Database backups (Postgres snapshots or managed backups).
  2. Back up file storage (S3 bucket or local disk).
  3. Keep SECRET_KEY safe; store it in your secret manager.

If BACKUP_ENABLED=true, the app can also write scheduled snapshot backups (default every 12 hours) into the storage backend under BACKUP_PREFIX.

Access control

  • Workspaces are multi-tenant.
  • Roles and module access control which tabs appear and what a member can do.
On this page
Security and data What’s stored where Encryption Backups Access control