We are committed to security and focused on keeping you and your data safe. Census follow industry-leading standards while syncing your data from your warehouse, to all of your apps.
Our sync engine was designed from the very beginning to use your data warehouse’s own execution engine to perform sensitive operations, meaning that virtually none of your customer data is actually stored on Census’ servers. This makes Census “secure by default” against many common attacks. Read more here →
Census runs on top of Amazon AWS, Google Cloud Platform, and Salesforce’s Heroku PaaS. We host our servers in the U.S. and only work with cloud providers whose datacenters are SOC 2 and ISO 27001 certified. These cloud providers guarantee the physical and network security of Census’ servers and help us ensure that our server software is always up to date and protected from any newly-discovered threats.
Census does not require superuser access to your data warehouse, and will request the fewest OAuth scopes needed for your SaaS applications (subject to SaaS provider support). Connections between your data warehouse and shared resources such as S3 buckets are performed using minimum privilege STS credentials with short expiration times.
Census uses recent TLS versions for all connections between systems: from your browser to our application, from our servers to your data warehouse or SaaS application, and internally between our own services and databases. We do not use self-signed certificates and we regularly audit TLS versions and ciphersuites to avoid any newly discovered weaknesses. Census encrypts its own databases and blob storage at rest and applies an additional layer of asymmetric encryption to protect our core application secrets, like OAuth credentials and API keys.
Census records audit logs of any changes made to your models or sync configurations, telling you which users made changes and when. This includes changes made by Census sales engineers and professional services staff.
Census' product, development, and operational teams are composed of industry veterans who have developed secure software and platforms for Google, Amazon, Microsoft, Uber, and Dropbox. Census is developed using isolated staging and production environments, encrypted credentials separated from code, and “infrastructure-as-code” that eases auditing and permits fine-grained access to cloud resources.
The Census application code receives regular third-party assessments and penetration tests, as well as continuous automated vulnerability scans. Penetration test results are available upon request to our enterprise customers.