Wagon is committed to ensuring your data is private, secure, and confidential. We adhere to industry-leading standards to manage our network, secure our web and desktop applications, and set security policies across our organization.

Database Access

When using the desktop application, Wagon connects to your database from your desktop computer, and your credentials are not uploaded to our servers. Your username, password, and SSH key are securely stored in Mac’s Keychain or Window’s Credential Manager. Our servers do not have access to your database or your database credentials.

If you add a Hosted Connection in the web interface, your encrypted database credentials are securely stored on Amazon Web Services.

Data Storage

Wagon uses Amazon Web Services to host your queries, settings, and shared results. When you choose to share a result in Wagon, your data is uploaded to AWS and saved until you delete the shared result. All production hosted infrastructure is managed by AWS. See Amazon’s security policies for more information.

Network Communication

All connections to Wagon’s servers are encrypted with SSL. Insecure connections (HTTP) are upgraded (HTTPS) or rejected. Connections to your database are encrypted with SSL whenever possible.

Company Policies

Wagon regularly reviews and improves its security practices. Employees are trained to act within security policies and access to secure data is logged and audited. For all production and administrative systems, two-factor authentication is required.

Responsible Disclosure

Wagon recognizes the important contributions that our customers and the security research community can make. We encourage responsible reporting of problems with our service. We also recognize that legitimate and well-intentioned researchers are sometimes blamed for the problems they disclose. In order to encourage responsible reporting practices, we promise not to bring legal action against researchers who point out a problem, provided they:

  • Share with us the full details of any problem found.
  • Do not disclose the issue to others until we’ve had reasonable time to address it.
  • Do not intentionally harm the experience or usefulness of the service to others.
  • Never attempt to view, modify, or damage data belonging to others.

If you believe you have discovered a problem, please report it to with any questions.