Yes, your data is secure, and is always stored by you. When a query (eg. "get all users") is run, the Buildable backend proxies the request to the database, applying the credentials server-side. None of the data returned by your database is stored on our end. We do this because having the end-user's browser connect directly to your database would expose credentials and require you to whitelist every user individually, rather than just the Buildable server.