Secure and Private.
By Design.

We are committed to security and focused on keeping you and your data safe. Census follow industry-leading standards while syncing your data from your warehouse, to all of your apps.

Secure And Private
Coming Soon

How Census Protects Your Data

As a Census customer, you entrust us with some of your most sensitive and valuable data. We know that in order to earn that trust we must secure every part of our platform.

Novel “low-touch” sync architecture

Our sync engine was designed from the very beginning to use your data warehouse’s own execution engine to perform sensitive operations, meaning that virtually none of your customer data is actually stored on Census’ servers. This makes Census “secure by default” against many common attacks. Read more here →

Built atop the world’s most secure cloud infrastructure

Census runs on top of Amazon AWS, Google Cloud Platform, and Salesforce’s Heroku PaaS. We host our servers in the U.S. and only work with cloud providers whose datacenters are SOC 2 and ISO 27001 certified. These cloud providers guarantee the physical and network security of Census’ servers and help us ensure that our server software is always up to date and protected from any newly-discovered threats.

Use the least privileges needed for handling data

Census does not require superuser access to your data warehouse, and will request the fewest OAuth scopes needed for your SaaS applications (subject to SaaS provider support). Connections between your data warehouse and shared resources such as S3 buckets are performed using minimum privilege STS credentials with short expiration times.

Data encrypted in transit & at rest

Census uses recent TLS versions for all connections between systems: from your browser to our application, from our servers to your data warehouse or SaaS application, and internally between our own services and databases. We do not use self-signed certificates and we regularly audit TLS versions and ciphersuites to avoid any newly discovered weaknesses. Census encrypts its own databases and blob storage at rest and applies an additional layer of asymmetric encryption to protect our core application secrets, like OAuth credentials and API keys.

Data & tools to audit your organization’s Census usage

Census records audit logs of any changes made to your models or sync configurations, telling you which users made changes and when. This includes changes made by Census sales engineers and professional services staff.

Best practices for developing secure software

Census' product, development, and operational teams are composed of industry veterans who have developed secure software and platforms for Google, Amazon, Microsoft, Uber, and Dropbox. Census is developed using isolated staging and production environments, encrypted credentials separated from code, and “infrastructure-as-code” that eases auditing and permits fine-grained access to cloud resources.

We work with third-party security researchers to double-check our work

The Census application code receives regular third-party assessments and penetration tests, as well as continuous automated vulnerability scans. Penetration test results are available upon request to our enterprise customers.

More Information and Responsible Disclosure

Our security is always improving. If you’d like to learn more about our data protection processes, email us.

If you are a security researcher and would like to disclose an issue, contact security@getcensus.com. We are strong advocates for responsible disclosure by independent security researchers. We believe the best way to protect current and future customers is to encourage researchers to come forward with issues and reply promptly.

Our promise to you is:
1. We will read and respond to all reported vulnerabilities.
2. We will not take any harmful action (including legal action) against researches who act ethically and in good faith.
3. We will highlight the contributions of security researchers who make significant reports.

In return we ask:
1. That you do not attempt to access, modify, or delete data belonging to Census customers.
2. That you report issues promptly once discovered.
3. That you do not attempt denial of service against the Census application.

Should you wish to encrypt your correspondence, our public key is ↓
-----BEGIN PGP PUBLIC KEY BLOCK-----mQENBF8oSYABCAC4hpCT7QKcZYv5FZ/+tyU/zGOZbbvWOirHnV14voWK6kCm1fy0
0YsQLZFQ+hBzSE+E1c/Z9d/7RPTQuUz3orW9KJ+UV8uN1Yb2qNSoHljq5W5fvFtQ
P5nLEMZYXuX9npLfWmRveaawydaS2QKMQp1V5U6mIaYlajAi+X5LBzylaxtIC6vu
OnzxGEBl3dO3rklq63MauYy/mf3UENtbMXdN1WxSjApGM+sBNMaczphOvyURsFRL
GiOifiXQ4zpDDljTOxqGXjNhv9WzxgcC3+TpX/nNr5eAYoEvk8+dGV/uY75vMid+
1QHU5bK69vokyyWNML30PAHM5sROx0MeG2gFABEBAAG0LUNlbnN1cyBTZWN1cml0
eSBUZWFtIDxzZWN1cml0eUBnZXRjZW5zdXMuY29tPokBVAQTAQgAPhYhBA4a6TrW
q1stc8Jdv4uZJVzk8U1QBQJfKEmAAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMB
Ah4BAheAAAoJEIuZJVzk8U1QAksH/1JubecTpfBYmF+q0oI8a/awPp4c6k13N963
U9gKwgAHevOQRgvFdqZqv58SN26cHJCA3MPnZMw3RdiGcg9FGKu9pV7pFWvYYhDj
WwthfaeGVjfIC5SYuI2ddx2S1J0LgRV4EX/I23ypJPVBY0drxGYYgnVLb9eLhEHA
4Iv0u5iLjcOM506XrFPPf2Rbcl8I1QbvSxZviBbD3Y5M7en+sz6B9c707qVLdqii
LmnasxnvAStcWhWP3mycZ1Mq41tLxJYeVJ/037DgiUrmD1XYMdNaost9Yblvg+w6
nOMjTSUfezXzLfk6giXyY1B4cTxWtWz/L6E1tNI65S9ZZW1Sp1y5AQ0EXyhJgAEI
ALZh/E+hzNth5pgeCQtq4C7zejJZXwuiwyVDJUDatbRyhTWpkIW93MRMIFpDse1E
Z57GgQDTAqmObIAtg5KxE+8+U68hP3LmI6eHCPJrveFZe4+lfIycxC7DrKNU3zAI
zCTgQApJL2g84cnASjVdhP/c4UmYcsq/UjsdYVg1HB6hm2IOOg2m72SPCZfuDK5t
lsoqYMKpx1+zt4lCIIlndqRYHGD4NJSI8aUjvd/5OTqsOU3WZ74YlNV8zJo21Qn3
Ts5hyKBcOjP1922CImO2jnv8IjBiGnSBGBW5tozcP9TrYbjMsZJS37EcHsJpJCHo
Z+3Gmgq9+H3gXD2KSRtOOMUAEQEAAYkBPAQYAQgAJhYhBA4a6TrWq1stc8Jdv4uZ
JVzk8U1QBQJfKEmAAhsMBQkDwmcAAAoJEIuZJVzk8U1QezQH/iuj1qC9PRT/Qjc1
YlCYSYatdDY2ij5YobHHUBCJLwv2lVxHjI9gU43Vi1ZhHwtHOYKZcupzlh6e5+1a
GVbKTUSir3KEx8r8Ky86aCmjr3FDIfbEK3VarQkPAuQznBHBWDxwjbjDb9RDbb9/
MtvIEBuvA/TlXqplg9jqE6HyJgJ51rWJppsbTk9jh/H8MIO6XA/n242QFfcVte+2
73/4Rm8uxK7R9IDT9aRpDxADXRqtfaW/fItkF1Qm54/2P2Kz/R+Qy1f013bBn9eX
60s7UrhwSaSHvPrLw5SgYif1XxQMFgPouyE2tByHEMybmj5nue/m5AuVCdREstG/
6H+4mSY=
=4JOF
-----END PGP PUBLIC KEY BLOCK----