Trifacta Security & Trust Center

 

Trifacta takes the security of its customers’ data very seriously. The Trifacta platform is built with ease of use, performance, reliability, and security at its core to protect your most valuable asset. Trifacta applies rigorous monitoring and controls to ensure that it complies with regulatory programs that assure the security, availability, processing integrity, confidentiality, and privacy of customer data.

 

Data Security

Trifacta’s dedicated security team works to ensure that key security practices are in place and operating effectively.

Trifacta is SOC 2 Type II certified. Additional certifications including ISO 27001 and HIPAA are in the process of being confirmed.

GDPR Compliant
SOC 2 Type II Compliant
CCPA Compliant

Please work with your sales representative to view the details of our compliance program including certifications, reports, and pre-filled questionnaires.

Reach out to our team at team@trifacta.com with any security questions. 

Data Privacy

Understand how Trifacta honors your data privacy rights.

Data Protection Privacy
Privacy Policy
Trifacta Website Terms of Use

If you have any questions or concerns regarding our privacy policies, please send a message to notices@trifacta.com.

How Data Security Works in Trifacta

Trifacta’s data preparation platform is architected with data security in mind.

Trifacta translates user-generated metadata describing data transformation logic into a job executed in a scalable data processing engine (such as AWS EMR, Snowflake, Google Cloud BigQuery or Google Cloud Dataflow).

The job reads, transforms, and writes your data between your source and your target systems with data never persisted outside of your resources. Trifacta uses a secure connection between your source and target systems.

Users define the data transformation logic and scheduled job execution in Trifacta’s web interface. Trifacta stores these definitions in the form of metadata within an encrypted relational database, but Trifacta does not store any of your actual data.

Trifacta inherits existing user permissions set on data resources. As such, users can only prepare the data they have access to.

Because Trifacta provides a single point of access for preparing your data, you can establish a robust self-service analytics governance infrastructure. Everyone within your company can answer their own questions while keeping data sprawl to a minimum and access to sensitive information restricted.

 

FAQ

 
Where is the data stored and processed? In which regions?
Trifacta on Google Cloud Platform (GCP)

Customer data is stored in the customer’s Google Cloud project and is not persisted in any Trifacta controlled Google Cloud project.

To avoid persisting data in the Trifacta environment, Trifacta uses Google Cloud Dataflow within the customer’s project to execute the transformation jobs generated by the Trifacta Software. Customers can select the region used for these jobs within their preferences or at run time.

Trifacta on Amazon Web Services (AWS)

Customer data is stored in an S3 bucket owned by the customer and within their account.

If a customer requests that Trifacta store their data, Trifacta stores the customer data in an encrypted S3 bucket located in the AWS us-east-1 region and uses AWS IAM Roles to manage cross account access securely.

Trifacta uses AWS EMR in the us-east-1 region to execute the data preparation jobs generated by the Trifacta software. Customer data is processed but not persisted in a Trifacta owned AWS account.

 
How is user authentication and authorization managed?
Trifacta on GCP

User authentication is externalized to Google Cloud IAM services. Trifacta fully relies on and inherits from Google Cloud security for any authentication management. Trifacta never stores customers’ passwords.

Data authorization to Google Cloud sources or destinations, such as Google Cloud Storage, BigQuery or Google Sheets, is managed by Google authorization services. Depending on the Cloud Dataprep edition, these authorizations can be defined at the Dataprep service level or at the user-specific level leveraging IAM and OAuth.

If the customer is accessing other data sources such as applications and databases, the customer must create a connection in the Trifacta Cloud user interface with the proper credentials. These credentials are stored in a Google Cloud SQL database and are encrypted using AES-256.

Trifacta on AWS

User authentication is managed by Trifacta. Trifacta does not store user account passwords in plain text or using reversible encryption.

Authorization to files stored in customer-provided AWS S3 buckets is managed by the customer’s AWS user/IAM role credentials.

If the customer is accessing other data sources such as applications and databases, the customer must create a connection in the Trifacta Cloud user interface with the proper credentials. These credentials are stored encrypted using AES-256.

 
Is the data encrypted when at rest or in motion?
Trifacta on GCP
Data at rest
  • Customer storage and databases are managed by the customer. Encryption is under the control of the customer.
  • Sample data, intermediate files, and file job results are stored in the customer’s Google Cloud bucket. Encryption is under the control of the customer.
  • Dataprep metadata is stored in Google Cloud SQL with AES-256 encryption.
Data in motion
  • Dataflow configuration is managed by the customer. Dataflow encryption is under the control of the customer.
  • Browser communication is encrypted with Transport Layer Security (TLS).
  • All API communications between Google Services are encrypted with TLS.
Trifacta on AWS
Data at rest
  • When the customer storage and databases are managed by the customer, encryption is under the control of the customer.
  • When the data storage is managed by Trifacta, the data is encrypted using AWS KMS.
  • Sample data, intermediate files, and file job results are stored in the customer’s bucket when the customer decides to use its own S3 bucket. Encryption is under the control of the customer.
  • Sample data, intermediate files, and file job results are stored in Trifacta’s S3 bucket when the customer decides to have Trifacta manage its storage. Encryption uses AWS S3’s SSE-KMS option, with a KMS key managed by Trifacta.
  • Trifacta AWS Cloud metadata is stored in AES-256 encrypted storage.
Data in motion
  • AWS EMR configuration is managed by Trifacta. Transit between AWS S3 and the EMR cluster is encrypted with TLS. Trifacta doesn’t persist customer data on the EMR cluster beyond the duration of a Trifacta job.
  • Browser communication is encrypted with TLS.
  • All API communications between AWS Services are encrypted with TLS.
 
Does Trifacta comply with GDPR regulation?

Trifacta maintains a privacy program aligned with global privacy requirements. Trifacta complies with the General Data Protection Regulation (GDPR) requirements regarding the collection, use, and retention of Personal Information.

 
Why does Google ask users to share account information with Trifacta during the Cloud Dataprep sign-up process?

This is the standard Google Cloud practice to allow Google Cloud customers to use partner integrated services with the Google Cloud Platform. During the sign-up process, customers must authorize Google to share account information with Trifacta for technical support purposes and sales attribution for billing via Google Cloud services. Account information is limited to email contact in those specific circumstances.

 
Is Trifacta HIPAA compliant?

Trifacta acknowledges the importance of protected health information (“PHI”) as defined in 45 CFR 160.103. The Trifacta Solution is designed so that Trifacta does not require any access to any PHI processed by the Customer using the Trifacta Solution and PHI is not stored within Trifacta’s environment. As a result, the parties do not anticipate that Trifacta will have any access to Customer PHI in the course of providing the Trifacta Solution. Trifacta is, nevertheless, willing to enter into a mutually agreed business associate agreement for the purposes of complying with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Public Law 104-191, the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), Public Law 111-005, and the regulations promulgated thereunder.