Security FAQ

Date

FAQ

Does SELECT hold any security certifications such as SOC 2, ISO27001?

Yes, we are SOC 2 Type 2 certified. Please reach out to [email protected] to request a copy of our SOC 2 report.

Do you have a penetration test report?

Yes, we conduct annual, external penetration tests. Please reach out to [email protected] to request a copy of the latest report.

Do you have an security architecture diagram?

Yes, available in our security model documentation.

What region(s) are our services located in?

Our platform is hosted on Google Cloud Platform and Snowflake in the US East regions.

Does SELECT have access to any of our company data in Snowflake?

No. We only have access to the Snowflake metadata database. This includes object metadata and usage metrics for your account. For example, the number and names of the tables in your databases, or the historical queries that have been run in the account. We cannot access any of the underlying tables or datasets in your account(s).

How does SELECT mitigate the risk of customer data exposed in the raw query text?

As discussed in our query text sanitization practices, we do not store any raw query text. All numbers and strings are removed from the query text before it is stored in our databases.

How is customer's data protected and who has access to SELECT data?

All data is encrypted in transit and at rest. Access to a Snowflake customer's metadata is restricted to scenarios which warrant access, such as investigating application issues. In the event access is required, the employee must submit an access request detailing their use case and rationale and receive approval, prior to being temporarily granted access to the customer's metadata.

Does SELECT support 2FA, SSO, or any other defensive options?

Yes. We support most SSO methods (Okta, Microsoft Azure/Entra AD, etc.) and 2FA.

In terms of application security, How does SELECT deal with security reports received from security researchers?

SELECT receives reports through an email address of [email protected]. We review every single report that we receive. We do not have a formal bug bounty program but we do have a process and set of policies and standards we adhere to to process security requests.

Do you have a security contact person in case of breaches?

The team responds to messages at [email protected]. Upon request a security employee can be temporarily assigned to your account as well.

In terms of logging, do you log access activities of SELECT's employees who have access to the data?

Yes.

How is Snowflake metadata managed on the SELECT platform?

SELECT is a cloud-based SaaS web application hosted on Google Cloud Platform in the US East regions. Customer Snowflake metadata is securely copied into SELECT's Snowflake account, hosted in the same cloud region.

The SELECT application is multi-tenant. Snowflake metadata collected for each customer is segregated and stored in a dedicated cloud storage bucket and Snowflake database schema.

What metadata is stored?

Some examples of the Snowflake metadata stored include, but are not limited to:

  • The amount each virtual warehouse warehouse was billed per hour
  • The number of tables in each database, and the size of each table
  • The amount the customer was billed by Snowflake on a particular day
  • How frequently Snowflake's automatic clustering service is running
  • Metadata about the queries being run in an account (query runtime, tables accessed, etc.)

See our security model for a full list of metadata we access.

How is it stored?

Snowflake metadata is stored in both Google Cloud Storage and Snowflake. Data is automatically encrypted at rest using AES 256 encryption in all locations. All application web traffic uses HTTPS encryption.

What are the retention policies?

We store a subset of the customer's Snowflake metadata in our cloud environment. Most metadata we store contains 365 days of usage information. This data is retained as long as the customer is using the product, and is automatically deleted once the customer stops using the product.