# Data managed by Brainboard

### Overview

Brainboard helps you build and manage cloud infrastructures, which means there are areas where either information are manipulated and/or stored.

1. Data manipulated: Brainboard will use this information to do some actions but doesn't store it.
2. Data stored: means that Brainboard keeps this information for future execution.

It also depends on the offering you have the information manipulated and stored are not the same.

Please refer to the [pricing page](https://www.brainboard.co/pricing) if you want to understand all the possibilities you have to use Brainboard.

{% hint style="info" %}
With the self-hosted version, all your information are stored within your infrastructure. Brainboard has no access to it
{% endhint %}

### Type of data

Here are the types of data used by Brainboard:

1. Cloud architectures: are the design of your cloud infrastructure.
2. Cloud resources: all the resources that you use from you preferred cloud provider(s) and their configurations.
3. [Variables](https://docs.brainboard.co/input-output/variables).
4. Secrets: you can choose to store the secrets in your preferred vault solution like AWS KMS, Azure key-vault or HashiCorp Vault and only refer to it through data sources or variables.
   * If you deploy through Brainboard, these secrets will be shared with the runner that will provision the infrastructure.
5. [Terraform state file](https://developer.hashicorp.com/terraform/language/state).
6. [Git information](https://docs.brainboard.co/settings/integrations/git-configuration): contains either your GitHub connection or personal git tokens. It may also include the names of your repository and files.
7. [Cloud providers credentials](https://docs.brainboard.co/data/cloud-providers): these credentials allow you to provision or destroy the infrastructure.
8. Users personal information: We only store the following information about our users:
   * First name
   * Last name
   * Email address
   * Organization name
9. Pipeline information: it contains information about the provisioning of your infrastructure and the deployment workflow you have.

{% hint style="info" %}
The auto-generated Terraform code is not store as a Terraform code. This is one of our solid security strategies. In fact, the code is automatically generated every time you need it.
{% endhint %}

### Encryption

All information stored in Brainboard are encrypted at rest and at transit.

### Data access scenarios

There are 3 scenarios where data is accessed by Brainboard:

#### 1. Design in Brainboard and push to git

In this scenario:

* You design your cloud infrastructure in Brainboard
* Generate the Terraform code in Brainboard
* Then, you push the generated code into your preferred git repository

1. Data manipulated by Brainboard:
   * Architecture diagram.
   * Cloud resources and their configuration.
   * Variables.
   * Credentials to access git repo, unless you want to manually download the code and push it from your laptop.
2. Data stored by Brainboard:
   * Architecture diagram as a `JSON` structure. Not as a diagram.
   * Cloud resources and their configuration.
   * Variables.
   * Credentials to access git repo.

#### 2. Plan in Brainboard and push to git

In this scenario:

* You design your cloud infrastructure in Brainboard
* Generate the Terraform code in Brainboard
* Do a Terraform plan or trigger the pipeline for the plan in Brainboard
* Once your architecture is validated, you push the generated code into your preferred git repository

1. Data manipulated by Brainboard:
   * Architecture diagram.
   * Cloud resources and their configuration.
   * Variables.
   * Terraform state file.
     * If you use a remote backend, Brainboard needs to access it to run some Terraform actions like plan, apply or destroy.
   * Credentials to access git repo, unless you want to manually download the code and push it from your laptop.
   * Cloud provider(s) credentials with at least `read-only` privilege.
2. Data stored by Brainboard:
   * Architecture diagram as a `JSON` structure. Not as a diagram.
   * Cloud resources and their configuration.
   * Variables.
   * Credentials to access git repo.
   * Cloud provider(s) credentials with at least `read-only` privilege.

#### 3. Design & deploy in Brainboard

In this scenario:

* You design your cloud infrastructure in Brainboard
* Generate the Terraform code in Brainboard
* You may want to push the generated code into your preferred git repository
* Deploy with Brainboard, either with `apply` or using our CI/CD engine to trigger your pipelines

1. Data manipulated by Brainboard:
   * Architecture diagram.
   * Cloud resources and their configuration.
   * Variables.
   * Terraform state file.
   * Cloud provider(s) credentials with `read-write` privilege.
   * Credentials to access git repo, unless you want to manually download the code and push it from your laptop.
2. Data stored by Brainboard:
   * Architecture diagram as a `JSON` structure. Not as a diagram.
   * Cloud resources and their configuration.
   * Variables.
   * Cloud provider(s) credentials with `read-write` privilege.
   * Credentials to access git repo.

### Data flow diagram

<figure><img src="https://2733077811-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7YhVIZuz5Brv8kisTlFL%2Fuploads%2FfPqjrS1O8mGufYNZWix2%2FBrainboard%20HLD.png?alt=media&#x26;token=bb5f830a-27ff-4048-a2e6-c6550b0de355" alt=""><figcaption></figcaption></figure>

### Contact us

Reach out to our security team if you have any question related to the security of your data at `security@brainboard.co`.