Salesforce Compare back and frontend is hosted as a whole in GCP. Frontend is hosted in Firebase Hosting and backend in Google Kubernetes.

Frontend is built with Angular and backend service APIs are implemented in NodeJS using NestJS framework.

Database is accessed via Cloud SQL proxy which is running in Google Kubernetes as a sideloaded Docker image. The server app and cloud sql proxy are running in the same pod to provide enhanced security, allowing connections from only the local network interface. Unencrypted traffic does not leave the VM, and only connections from applications on the VM are allowed.

NodeJS docker image is stored in Container Registry. Communication between NodeJS backend service and database is authorized with Cloud IAM. Traffic is strongly encrypted.

All sensitive information is stored in Google Kubernetes Secrets (see more Data Security) and non-sensitive information in Google Kubernetes ConfigMaps

All backend APIs are protected with an id token sent from the frontend. Integrity and authenticity of the token is verified in the backend and the users uid is retrieved.

No sensitive information is stored in the browser either in local storage, IndexedDB or cookies. There are some settings stored in the browser to provide faster access but these are deleted once you navigate away from the app or close the browser.

Cloud Logging, monitoring and error reporting is used to monitor health of application