Frequently Asked Questions

We Love Clarity and Transparency

Jump or Scroll

General

Get your backend done with ease.
Meaning:
- End backend stress.
- Stop fearing compliance and security.
- Don't waste your resources to build (yet) another backend.
- Focus on your business value drivers (Data, Brand, Processes, UX/UI, Sales, Customer Relations).

basebox is a compliant, secure Health Tech backend out-of-the-box to build and scale any application upon.

basebox is a data management system that combines storage (databases) with universal APIs (based on compiled GraphQL requests) and other functionality in a regulatory-compliant way. It has cybersecurity and regulatory compliance built in.

basebox stops backend stress for frontend/backend developers. It ends worries about cybersecurity, regulatory compliance and performance. Those are all built-in.
Managers reduce the complexity of their job with basebox, creating peace of mind.

basebox reduces the stress off backend developers and is a professional choice.
basebox resolves three conflicting requirements.
1. Regulatory compliance,
2. Cybersecurity,
3. Performance.

basebox lets frontend developers handle the backend like a pro. This way the focus is on the frontend without getting into trouble with the backend.

basebox is compliant with regulations. basebox itself is not a medical product, but an off-the-shelf (OTS) component. To use basebox as a component without problems, we provide all required documentation for a certification audit – already filled out.

basebox supports you in resolving three conflicting demands:
1. Deliver on time
2. Stay on budget
3. Ship quality
A compliant, secure backend development is your biggest risk factor in meeting these demands. Solve them elegantly and inexpensively. Install thousands of hours of professional development time. Meet all regulatory requirements and protect your business from cyber-attacks long term.
A professional decision for your business success and your peace of mind.

For anyone who wants to develop fast, secure, regulation-compliant applications and store data in a database:
frontend developers, backend developers, product managers, project managers, business managers, quality managers, and regulatory affairs managers.

In any industry. For every use case. basebox is particularly well suited for data-sensitive sectors. In principle, you can use basebox whenever a secure, fast, high-performance backend is needed, and secure data management is valued.

Yes, primarily use cases that require regulatory compliance.

In short:
Regulatory compliance and a unique GraphQL to SQL compiler.

basebox focuses on the Health Tech sector with high-security requirements, regulatory requirements, and performance needs. To meet these high demands, basebox has regulation-compliant development, built-in cybersecurity, high performance, and is self-hosted."

Product

No.

The installation process is currently in the making; we will provide detailed instructions as soon as the BETA is available. We are also working on a Docker-based installation.

A few minutes to understand the principles. There is nothing new to learn if you know GraphQL. Your database schema is imported via GraphQL. You will configure basebox, but this is rather straightforward.

You interact with basebox within four places.
1. Install and configure. basebox provides a CLI with simple commands that helps you along the way.
2. Connect the frontend client with GraphQL.
3. Import database schema as a GraphQL schema file.
4. Implement business logic with Python, gRPC-based microservices are coming soon.
Every detail is explained in the documentation.

You implement custom business logic in Python; a gRPC-based microservices architecture is in the making.

basebox is written in 100% Rust. Get to know the benefits.

No. Not at all. You don't come in contact with it.

Yes. Comprehensible, clear, and logical.

Yes. basebox has a universal GraphQL interface. You also use GraphQL to describe your database schema. Additionally, basebox converts GraphQL to SQL via the compiler developed and integrated in Rust. You get back JSON.

Yes. You don't need to install an additional GraphQL server, like Apollo. This saves costs and effort.

No. basebox uses only GraphQL.

There is an "SDK" in the form of documentation.
An SDK, in the classic sense is not necessary.
In the past, SDKs consisted of documentation and required files to integrate software into a system. This is not necessary with basebox because all interfaces are based on open standards (HTTPS, GraphQL, OpenID Connect).

The basebox architecture is designed for performance. It consumes hardly any resources, is fast due to the choice of Rust as the programming language, uses one of the fastest HTTP servers (Actix Web), and complies with clean code principles. These factors also make basebox energy efficient and an active contribution to environmental protection.

GraphQL Compiler/Installer, GraphQL API Server (broker), Database Proxy.
All components are integrated and automatically installed during the installation process.

Yes. The Actix HTTP web server is integrated in basebox. It is ranked 7th out of 439 tested of the fastest web servers. It's written in Rust.

GraphQL, HTTPS.

No. But if there's demand for it, we'll build it in.

Yes. If it speaks GraphQL, you can connect it.

basebox consists of the following components.
- Installer, GraphQL compiler
- Broker (GraphQL API HTTP server)
- Database Proxy and PostgrSQL database
- KeyCloak
Read the Whitepaper to learn the details.

Hosting, Installation, Data Management

basebox is self-hosted. You can store it anywhere. On your terms. On-premise. In your cloud. It uses hardly any storage space and is powerful even on small servers.

Linux with Ubuntu 20.04. or higher, 4 GB Ram, 40 GB hard disk gets you a long, long way.

Any 64 bit Linux (virtually all).

No. PostgreSQL will be installed by basebox if required.

No. basebox is self-hosted by you. We might add a cloud-based managed service if there is demand.

Pass the schema as a GraphQL schema file to the installer, which compiles it into, among others, an SQL script that creates the database schema. That's it.

No. (Semi-)automatic schema migrations are planned for a future release.

Yes. Wherever you want. In your preferred cloud or on premise. But the basebox dbproxy component should run on the same host.

Yes. But you need to create a matching GraphQL schema description file.

Not yet. This is planned for a future release.

basebox has a compiler that translates GraphQL requests into SQL statements. You get JSON back from the server.

No. The GraphQL to SQL compiler does the job.

Cybersecurity

basebox has cybersecurity built-in. It is "secure by design". You can skip the work. Learn more here.

basebox has analyzed the most common attack vectors of cyber-attacks. When designing the software and security architecture, the goal was to close these vectors as much as possible. One factor is the choice of the programming language Rust, which is considered particularly secure. basebox is continuously audited by external auditors. We use methods such as threat modeling, white box, and black box hacking. Learn more here.

Yes. basebox performs threat modeling from the very beginning of development.

Yes. basebox performs independent Pentests performed by external providers.

Yes. Security updates are free of charge. As a basebox user you can install them without any problems and your backend remains secure and up-to-date.

Yes. basebox has both white-box testing performed by external auditors. Learn more here.

Yes. basebox has both black-box testing performed by external auditors. Learn more here.

Yes. basebox contains thousands of lines of code and developer hours. To avoid operational blindness, we regularly have external auditors perform various tests. Learn more here.

Yes. basebox uses OpenID Connect (e.g. KeyCloak), which you can use to define roles and associated access permissions. Learn more here.

Yes. You define roles in your OpenID Connect provider system (e.g. KeyCloak). Learn more here.

Yes. Learn more here.

Yes. OpenID Connect is an extension of OAuth 2.0. Learn more here.

Yes. 2FA is a feature you can and should configure in your OpenID Connect system (e.g. KeyCloak). Learn more here.

Yes. IAM is a feature of your OpenID Connect providing system (e.g. KeyCloak). By the way, if you already have your own KeyCloak servers in operation, you can simply connect them to basebox. The interface for this is built-in.

No. Using other OpenID Connect solutions (Okta etc.) is also possible. Currently, only KeyCloak is tested.

Yes. You can simply connect KeyCloak to basebox. OpenID Connect and OAuth 2.0 are built-in.

Yes. We have not (yet) tested Okta with basebox, but since Okta supports OpenID Connect, it should work.

Yes.

No. This is in our backlog with priority.

Yes. basebox considers all applicable requirements from IEC 81001-5-1.

Yes. IEC 81001-5-1 reflects MDCG 2019-16 guidance requirements and is thus covered by basebox.

Yes. NIST SP 800-53 is part of MDS2 and is thus covered by basebox.

Yes. ISO 27002 is part of MDS2 and is thus covered by basebox.

Yes. IEC TR 80001-2-2 guidelines are part of MDS2 and they are thus covered by basebox.

Regulatory Compliance

Yes. But basebox has been developed specifically to comply with the strictly and extensively regulated Health Tech sector regulations. You can use basebox as a technically secure backend for all data-sensitive sectors. But basebox does not (yet) provide documents specifically for the applicable standards and guidelines in sectors other than health tech.
We have also not reviewed the regulations that apply there. There may be gaps that basebox does not technically cover to comply with the specific sector regulations.
We plan to meet regulatory requirements for all data-sensitive sectors in the future.

No. basebox is an off-the-shelf (OTS) database component that can be integrated in any device that needs database functionality. basebox has no specific intended use and is not a Medical Device.

No. basebox is an off-the-shelf (OTS) database component that can be integrated in any device that needs database functionality. basebox has no specific intended use and is not a Medical Device.

No. basebox is an off-the-shelf (OTS) database component that can be integrated in any device that needs database functionality. basebox has no specific intended use and is not a Medical Device.

basebox, the company, is not a medical device manufacturer but is planning to establish ISO 13485 based quality management system.
basebox, the product, is not a medical device itself. basebox, the product, is a universal, generic data management system provided as a backend framework - useful not for Health Tech alone.
It can be used in any sector where privacy-sensitive data, regulatory compliance, cybersecurity, and performance are at stake.
The legal medical device manufacturer integrating basebox, the product, is responsible for all applicable regulations for medical device manufacturers.

basebox, the company, is not a medical device manufacturer but is planning to establish ISO 13485 based quality management system.
basebox, the product, is not a medical device itself. basebox, the product, is a universal, generic data management system provided as a backend framework - useful not for Health Tech alone.
It can be used in any sector where privacy-sensitive data, regulatory compliance, cybersecurity, and performance are at stake.
The legal medical device manufacturer integrating basebox, the product, is responsible for all applicable regulations for medical device manufacturers.

Yes. But basebox itself is not a medical device. It is a generic data management system. If you use it, it becomes an off-the-shelf (OTS) component of your product. basebox complies with all medical device software development standards applicable to an OTS component (IEC 62304, IEC 81001-5-1, etc.). Those can be used for free during any audit or submission. The legal manufacturer has to comply with the applicable medical device regulations.

Yes. But basebox is not a medical device. It is a generic data management system. If you use it, it becomes an off-the-shelf (OTS) component of your product. basebox provides you with all applicable IEC 62304 documents related to basebox. Those can be used for free during any audit or submission. The manufacturer has to comply with the DiGAV requirements (in Germany). basebox covers the technical and cybersecurity requirements.

Yes. basebox covers the technical and cybersecurity requirements.

Yes. IEC 62304 is a framework for software development. But basebox is not a medical device. It is a generic data management system. If you use it, it becomes an off-the-shelf (OTS) component of your product.
basebox provides you with all applicable IEC 62304 documents related to basebox. Those can be used for free during any audit or submission.

During the development of basebox, we already considered international standards applicable to a generic data management system (e.g., IEC 62304 is used as a framework for software development). But please note so far basebox is developed and designed for use in the EU only.

Yes. But basebox itself is not a medical device. basebox is MDR class agnostic. If you use it, it becomes an off-the-shelf (OTS) component of your product.
basebox provides you with all IEC 62304 documents related to basebox for your audit.

basebox supports GDPR requirements. Since basebox is a generic data management system, you can integrate basebox into your application in a manner that supports all GDPR criteria applicable to your application. As the distributor or manufacturer, you are responsible for the GDPR compliance of your product.

basebox supports HIPAA requirements. Since basebox is a generic data management system, you can integrate basebox into your application in a manner that supports all HIPAA requirements which apply to your application. As the distributor or manufacturer, you are responsible for the HIPAA compliance of your product. Please note so far basebox is developed and designed for use in the EU only.

Yes. basebox stores all interaction data a client has with basebox. You read this data by directly accessing the log file.

basebox is not a service provider for the production of your product but provides you with an off-the-shelf (OTS) backend framework for self-hosting. We cover the provisions of a quality assurance agreement in the license terms.

Technically yes. During the development of basebox international standards were considered as applicable to basebox being a generic data management system (e.g. IEC 62304 is used as framework for software development). But please note so far basebox is developed and designed for use in the EU only.

No. CE certification has to be acquired by the device manufacturer integrating basebox. basebox itself is not a medical device. Instead, it is a generic data management system. This principle applies to all products that integrate basebox and must acquire a CE mark.

Yes. All documents applicable for the off-the-shelf (OTS) component basebox are available.

Yes.

No.

Pricing, Licensing

You start free. Build your app and pay nothing for your first ten users. After that, basebox is always cheaper than developing and running a backend yourself.
Learn more about the simple pricing structure here.

With software licenses.
As a licensee, you get basebox in full and use it as your backend. The frontend client you develop has individual users. basebox charges a monthly license fee per user of your frontend client.

Users are using the app you developed with basebox.
Users are your customers.
Users are pictured here on the right.

image

No.

No.

No. You can have as many sandbox users as you like free of charge.

Your are billed by your number of users, regardless of the amount of data.

No.

There is no additional charge for devices connected to your users' accounts. Any number of devices can be connected per user.

No. You get everything, including full personal support, until you reach more than ten users.

No. Let's talk. We want basebox to always be cheaper than building, maintaining and servicing your own backend.

Yes. Your contract will end at the end of the current month.

No. You always have the full version.

No.

Yes.

No, you rent the basebox. Meaning we give you the rights to use it as long as you want and you pay per registered user per month. You can find the details in the pricing.

Yes. Please get in touch.

Business Value

Up to 90% (€ 300k) less costs for your initial backend development (research, choose, setup, test, build, build, build, build, ..., implement, start building your frontend client).
Up to 95% less costs for ongoing operations (security updates, maintenance, patches, adding new components).

6 - 12 months less initial backend development time.
basebox can be installed and fully configured in one afternoon.
The time to build your frontend client, business logic, and database schema is also reduced by at least 50%. It is safe to say you can get your backend plus frontend development done within two weeks to three months. These times vary and depend on your skills, resources, and experience.

Up to 90% (€ 300k) less initial backend development costs.
6 - 12 months less development time.
Compliant development from day one.
High level of cybersecurity.
Team burnout avoidance.
Focus on business.
Faster to market.
Piece of mind.
Less stress.

Up to 90% (€ 300k) less initial backend development costs.
6 - 12 months less development time.
Compliant development from day one.
High level of cybersecurity.
Team burnout avoidance.
Focus on business.
Faster to market.
Piece of mind.
Less stress.

With basebox, you reduce the complexity of your job because you gain:
peace of mind,
plannable pricing,
long-term security,
smooth certification,
faster time to market,
less operational costs,
less upfront investments,
more independence from developers.

6 - 12 months due to less development time.

You get the documents applicable for basebox as an off-the-shelf (OTS) component. You need them for your submission regarding basebox.
We provide them downloadable anytime for free and keep them up to date with every basebox release.

basebox itself is not a medical device. It is a generic data management system. If you use it, it becomes an off-the-shelf (OTS) component of your product. basebox complies with all medical device software development standards applicable to an OTS component (IEC 62304, IEC 81001-5-1, etc.). Those can be used for free during any audit or submission. The manufacturer has to comply with the applicable medical device regulations.

You can focus on your business value drivers (e.g. data, brand, sales, processes, user experience, user interface) while basebox provides
plannable and simple pricing,
less upfront/initial costs,
less operational costs,
faster time to market.

Either a backend developer (beginner level), or a frontend developer with some backend knowledge (beginner level).

2 Backend + 1 Frontend Developer FTE (full-time equivalent).
Values may vary depending on project scope.
The figures apply to regulated products in data-sensitive sectors.

basebox removes backend stress.
This allows you to focus on the value drivers of your business instead of developing yet another backend.
The backend is not an asset, it's a commodity. It adds no value to your business.
The real value drivers of a digital business are data, brand, processes, sales, and user experience.
Don't waste your resources on the backend. It just needs to get done.
basebox helps you to get your backend done easily and to run it securely at a low cost.

Backend Migration Support

Yes. We help with migration. Let's talk about it. This is the easiest.

Strong cyber security. Built-in compliance. High performance. GraphQL as interface. Business Logic Layer included. Regular updates (reduces maintenance and development costs).

In 4 simple steps.
1. You describe your architecture in a personal video call with basebox (30 min.)
2. basebox describes which tasks must be completed before migration. In addition, basebox specifies which services have to be provided by you (e.g. server setup).
3. When everything is prepared, migration takes place.
4. We test to make sure everything works properly.

This depends on the size of your project; you will get a free quote.

Yes.

Yes, contact us or write us a support ticket. We are happy to help you.

Frontend Possibilities

basebox is independent of the frontend framework you use.
The architecture of basebox empowers you to connect anything you want.
Web browser-based apps; smartphones with connected BLE sensors; autonomous sensors; whatever you use in your frontend.

The interface to basebox uses GraphQL on top of HTTPS. Both are simple, flexible industry standards.

Yes. No matter what you prefer. basebox is independent of the frontend framework you use.
Some examples are React, Angular, Vue, Svelte, Android, iOS.

Yes.
Your frontend programming language choice depends on your application goal. basebox is independent of the language used in your frontend.
Some examples are JavaScript, Python, Java, C, C++.

Yes. basebox has a universal GraphQL API.

No. basebox has GraphQL inside, which provides a lot of flexibility.

Partnership

Yes, a small one.
"Program" is too big of a term, as basebox is a small company in an early stage of development.
We want to recommend professional, quality-conscious service providers to our customers so that they can produce their applications faster and easier.

basebox grows your business in several ways.
1. Expanding your market.
2. Increasing productivity.
3. Let's you grow into your customers.
4. Differentiates you from the competition.

Agencies, IT-service provider, consulting firms, freelance developers. All quality-conscious service providers who want to offer applications with a secure, regulation-compliant backend for their customers at a reasonable price.

None. There are no brokerage fees, success fees, nor any other costs.

Support

Please use the support form.
Or use one of the other contact options.

Please find all contact options here.

Please find all contact options here.

Company

To make innovation development easier, especially in sectors with extensive regulatory and cybersecurity requirements.
The regulatory requirements cause considerably more development effort. As a result, the staffing needs are more significant, and the costs higher.

The waste of resources in innovation development.
We focus on the the backend development. It is expensive, lengthy and complex.
basebox aims to bring costs and time down to zero. With greater cybersecurity and regulatory compliance at the same time.

To make innovation development easier.

We, the basebox founders, spent 4 years working with physicians and scientists developing health tech innovations for the Charité / BIH Berlin.
During this time, we noticed that even the best ideas have difficulty making it to market, and many problems originated the backend development.

Idea Jan. 2021
Business plan (Customer/user interviews, business model, ...) 6/2021 - 11/2021
Technical Proof of Concept development 6/2021 - 1/2022
Product development 6/2021 - ongoing
Company foundation (GmbH) 7/2022
Beta launch 3/2023.

By the founders and two investors (Quidam Beteiligungen, Johanna Konrad)

With software licenses.

Utting am Ammersee, Bavaria, Germany

We love dogs. We own dogs. Dogs are amazing. And yes, we love cats (well, a little) and all other animals, too.