Security and Compliance
We built our unified data platform with industry standards to protect your data and ensure compliance while delivering observability and governance.
Decube is built with enterprise-grade practices to ensure stringent security standards and compliance are met.
- Connections to your data sources use only read-level access or dedicated service accounts that grant us specific permissions to scan your database.
- Credentials that are used for all connections are stored with double encryption on Decube's servers hosted in AWS and are not accessible internally by Decube's engineers.
- Decube's data collectors only extract metadata, query logs, and aggregated statistics into its cloud service.
- Data extracted from these scans is used solely for assessing your data's reliability and providing the statistics and incident alerts you have opted in to.
- Decube uses encrypted connections (HTTPS and TLS) to protect the contents of data in transit.
- Decube's architecture also supports a setup specifically for enterprise customers where you can host the data collectors within your own cloud infrastructure, so you never have to expose any of your data sources to Decube's cloud service.
Architecture Overview: data does not leave your VPC.
- Decube is currently working on obtaining SOC II compliance (as of 29 March 2023).
- Decube will sign any NDAs and/or DPAs where it is appropriate.
- Decube acknowledges that personal data may be collected and processed while it collects metadata, query logs, and metrics for the purposes of running the monitoring, cataloging, and recon modules. If any such data is passed into Decube, it is used for the sole purpose of running the monitoring, cataloging, and recon modules.
- Usage of all SaaS applications internally within Decube for operational purposes is vetted with due diligence so that confidential company and personnel data are protected.
Decube's team follows industry best practices across the board to protect the security of the application and the data privacy of its customers.
- Decube engages a third party to perform an annual penetration test over the application layers of the platform.
- Processing of collected data is conducted on secure servers hosted on Amazon Web Services.
- Decube employees undergo privacy and security training during onboarding and are required to take an examination after the training. All Decube personnel are required to acknowledge, electronically, that they have attended training and understand the security policy.
- Access to all critical systems and production environments is protected using strong passwords and multi-factor authentication. SSO is also used to centralize access control for certain applications. Access rights are reviewed before being granted, and then periodically reviewed thereafter.
The following information may be processed and stored by Decube on its cloud services:
Understand further how this data is handled below.