Security
Your data is very important to you. We take your trust seriously.

Last updated: December 2020
System and Application Security
- Private network for applications and data
- Host Intrusion detection and File Integrity Monitoring software
- Rigorous change management and Software Development Lifecycle
- Annual penetration test and code analysis by third-party security firm
- Regular application of operating system and software library security patches
Access Control
- Support for Single Sign On and user provisioning through SAML
- Role based access controls (RBAC)
- Least-privilege authorization between application services and database
- Temporary credentials for all system access
Data Protection
- All data is encrypted while in transit on public networks and at rest
- Regular rotation of encryption and authentication keys
- Multiple secure, encrypted backups in geographically distributed data centers
Operations
- 24/7 staff on-call for incident management
- Any service impacting event is communicated through status.data.world and our help Twitter account @ddwhelp. Additionally, data.world members may get support at help.data.world
Assurance Programs
- SOC 2, Type II: data.world has completed attestation and audit for 2019.
- HIPAA: data.world has obtained an affirmative HIPAA opinion. Contact legal@data.world to obtain our form BAA
