Trust
Last updated: December 5, 2025
Your data's security, privacy, and reliability are our top priority.
Duodata is built to give you a business-approved metrics layer across platforms like Snowflake and Databricks. That only works if you can trust how we handle security and privacy. This page describes our security and trust posture at a high level. It complements, but does not replace, our Terms of Services and Privacy Policy.
1. Our approach to security and architecture
- Duodata follows a control plane and data plane model. Duodata Cloud hosts the user interface, governance workflows, and Git integration.
- Helper components run in your data platforms, such as Snowflake or Databricks, to generate or validate semantic objects and keep metric definitions in sync with implementations.
- Your warehouse or lakehouse data stays in your own accounts. Duodata Cloud works primarily with metadata, definitions, and configuration, not raw business data.
- For Snowflake, our helper agent runs inside your Snowflake account. It uses Snowpark Container Services or similar technology to work with your semantic objects, while Duodata Cloud interacts through Git and metadata rather than through direct access to your warehouse data.
- For Databricks, our integrations keep metric definitions aligned with notebooks, queries, Unity Catalog, and dashboards without requiring Duodata to ingest your underlying data.
2. Encryption and infrastructure
- We host Duodata on reputable cloud infrastructure providers.
- We encrypt data in transit using TLS and encrypt data at rest using industry-standard encryption mechanisms where appropriate.
- We separate production and non-production environments and apply least-privilege access to infrastructure resources.
- We maintain regular backups and disaster recovery procedures designed to protect availability of the service.
3. Access control and operational security
- We enforce role-based access control for the Duodata application and supporting systems.
- Access to production systems is restricted to a small number of authorized personnel based on job role and business need.
- We support SSO options for customers on appropriate plans.
- We maintain logging and monitoring for key systems and review alerts for unusual or suspicious activity.
- Engineers and staff receive security awareness training and are expected to follow our internal security policies and guidelines.
4. Privacy and data protection
- Duodata follows a privacy by design approach, considering privacy and data protection in product and feature design.
- We collect and use personal information only as described in our Privacy Policy.
- We keep personal information only as long as necessary for the purposes described there or as required by law, and we support deletion and export on request where applicable.
- We do not sell personal information and we do not share personal information with third parties for their own marketing purposes.
- For California residents and others covered by local privacy laws, we provide additional details and rights in our Privacy Policy and California Privacy Notice.
5. Reliability and uptime
- Our infrastructure is designed for high availability and resilience.
- We monitor key health and performance metrics and use alerting to detect incidents quickly.
- We plan and test our incident response processes so that we can investigate and resolve issues and communicate status to customers as appropriate.
- Any specific uptime commitments or service credits, if applicable, are defined in customer contracts or separate Service Level Agreements, not on this page.
6. Team and culture
- We have a dedicated security function that works closely with product and engineering teams.
- Security is part of our onboarding and ongoing training for employees and contractors.
- We encourage all team members to raise potential security or privacy issues quickly so they can be investigated and resolved.
7. Transparency and communication
- We believe trust is earned through openness.
- If you have questions about how we safeguard your information or want to report a potential security issue, we encourage you to contact us.
- Where appropriate, we will communicate security-related updates or incidents to affected customers.
8. Compliance and SOC 2
- We align our controls with industry best practices and SOC 2 requirements.
- We are actively working toward formal SOC 2 Type II certification.
- As we achieve new compliance milestones, we will update this page and, where appropriate, provide additional documentation to customers under NDA.
9. Contact
If you have questions about security, privacy, or our compliance program, please contact:
Email: security@duodata.ai
We appreciate responsible disclosure of any potential security issues and will make every effort to investigate and remediate them promptly.