Your data security is our top priority. We've built our platform from the ground up with enterprise-grade security controls.
We only access query metadata, resource configurations, and cost data. We never read your actual table data, S3 objects, or query results.
Our service accounts use read-only permissions. We cannot modify warehouses, terminate instances, or change any configurations in your environment.
All connection credentials are encrypted at rest using AES-256 encryption. Keys are managed via AWS KMS with automatic rotation.
We maintain SOC 2 Type II compliance with annual audits covering security, availability, and confidentiality controls.
Every access to your data is logged with timestamps, IP addresses, and user context. Logs are retained for 90 days and available on request.
Enterprise plans include SAML SSO integration and role-based access control to manage team permissions granularly.
Transparency is core to our security model. Here's exactly what data we read from your connected accounts.

We use a read-only role with access to metadata views only:

| Data | Access | Purpose |
|---|---|---|
| ACCOUNT_USAGE views | Read | Query patterns & warehouse usage |
| INFORMATION_SCHEMA | Read | Table metadata & storage |
| Query history | Read | Performance analysis |
| Warehouse metrics | Read | Utilization analysis |
| Your table data | Never | — |
| Query results | Never | — |

We use a cross-account IAM role with read-only permissions:

| Data | Access | Purpose |
|---|---|---|
| Cost Explorer API | Read | Cost breakdown & trends |
| CloudWatch metrics | Read | Resource utilization |
| Resource tagging API | Read | Cost allocation |
| EC2/RDS describe APIs | Read | Resource inventory |
| S3 bucket contents | Never | — |
| Database contents | Never | — |

Annual third-party audits verifying our security, availability, and confidentiality controls.
Full compliance with EU data protection regulations including data residency options.
BAA available for healthcare organizations on Enterprise plans.
Our security team is happy to answer questions, provide our SOC 2 report, or discuss your specific compliance requirements.