Secure and Private.
By Design.

We are committed to security and focused on keeping you and your data safe. Census follow industry-leading standards while syncing your data from your warehouse, to all of your apps.

Secure And Private

How Census Protects Your Data

As a Census customer, you entrust us with some of your most sensitive and valuable data. We know that in order to earn that trust we must secure every part of our platform.

Novel “low-touch” sync architecture

Our sync engine was designed from the very beginning to use your data warehouse’s own execution engine to perform sensitive operations, meaning that virtually none of your customer data is actually stored on Census’ servers. This makes Census “secure by default” against many common attacks.

Read more here →

SOC-2, GDPR and CCPA Compliant

We designed Census to store as little sensitive data as possible and we recognize that it's important to be compliant with modern data privacy practices. We have a Data Process Addendum available.

Download our DPA →
Request our SOC-2 Report→

Built atop the world’s most secure cloud infrastructure

Census runs on top of Amazon AWS, Google Cloud Platform, and Salesforce’s Heroku PaaS. We host our servers in the U.S. and only work with cloud providers whose datacenters are SOC 2 and ISO 27001 certified. These cloud providers guarantee the physical and network security of Census’ servers and help us ensure that our server software is always up to date and protected from any newly-discovered threats.

Use the least privileges needed for handling data

Census does not require superuser access to your data warehouse, and will request the fewest OAuth scopes needed for your SaaS applications (subject to SaaS provider support). Connections between your data warehouse and shared resources such as S3 buckets are performed using minimum privilege STS credentials with short expiration times.

Data encrypted in transit & at rest

Census uses recent TLS versions for all connections between systems: from your browser to our application, from our servers to your data warehouse or SaaS application, and internally between our own services and databases. We do not use self-signed certificates and we regularly audit TLS versions and ciphersuites to avoid any newly discovered weaknesses. Census encrypts its own databases and blob storage at rest and applies an additional layer of asymmetric encryption to protect our core application secrets, like OAuth credentials and API keys.

Data & tools to audit your organization’s Census usage

Census records audit logs of any changes made to your models or sync configurations, telling you which users made changes and when. This includes changes made by Census sales engineers and professional services staff.

Best practices for developing secure software

Census' product, development, and operational teams are composed of industry veterans who have developed secure software and platforms for Google, Amazon, Microsoft, Uber, and Dropbox. Census is developed using isolated staging and production environments, encrypted credentials separated from code, and “infrastructure-as-code” that eases auditing and permits fine-grained access to cloud resources.

We work with third-party security researchers to double-check our work

The Census application code receives regular third-party assessments and penetration tests, as well as continuous automated vulnerability scans. Penetration test results are available upon request to our enterprise customers.

More Information and Responsible Disclosure

Our security is always improving. If you’d like to learn more about our data protection processes, email us.

If you are a security researcher and would like to disclose an issue, contact security@getcensus.com. We are strong advocates for responsible disclosure by independent security researchers. We believe the best way to protect current and future customers is to encourage researchers to come forward with issues and reply promptly.

Our promise to you is:
1. We will read and respond to all reported vulnerabilities.
2. We will not take any harmful action (including legal action) against researches who act ethically and in good faith.
3. We will highlight the contributions of security researchers who make significant reports.

In return we ask:
1. That you do not attempt to access, modify, or delete data belonging to Census customers.
2. That you report issues promptly once discovered.
3. That you do not attempt denial of service against the Census application.

Should you wish to encrypt your correspondence, our public key is ↓
-----BEGIN PGP PUBLIC KEY BLOCK-----mQENBF8oSYABCAC4hpCT7QKcZYv5FZ/+tyU/zGOZbbvWOirHnV14voWK6kCm1fy00YsQLZFQ+hBzSE+E1c/Z9d/7RPTQuUz3orW9KJ+UV8uN1Yb2qNSoHljq5W5fvFtQP5nLEMZYXuX9npLfWmRveaawydaS2QKMQp1V5U6mIaYlajAi+X5LBzylaxtIC6vuOnzxGEBl3dO3rklq63MauYy/mf3UENtbMXdN1WxSjApGM+sBNMaczphOvyURsFRLGiOifiXQ4zpDDljTOxqGXjNhv9WzxgcC3+TpX/nNr5eAYoEvk8+dGV/uY75vMid+1QHU5bK69vokyyWNML30PAHM5sROx0MeG2gFABEBAAG0LUNlbnN1cyBTZWN1cml0eSBUZWFtIDxzZWN1cml0eUBnZXRjZW5zdXMuY29tPokBVAQTAQgAPhYhBA4a6TrWq1stc8Jdv4uZJVzk8U1QBQJfKEmAAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEIuZJVzk8U1QAksH/1JubecTpfBYmF+q0oI8a/awPp4c6k13N963U9gKwgAHevOQRgvFdqZqv58SN26cHJCA3MPnZMw3RdiGcg9FGKu9pV7pFWvYYhDjWwthfaeGVjfIC5SYuI2ddx2S1J0LgRV4EX/I23ypJPVBY0drxGYYgnVLb9eLhEHA4Iv0u5iLjcOM506XrFPPf2Rbcl8I1QbvSxZviBbD3Y5M7en+sz6B9c707qVLdqiiLmnasxnvAStcWhWP3mycZ1Mq41tLxJYeVJ/037DgiUrmD1XYMdNaost9Yblvg+w6nOMjTSUfezXzLfk6giXyY1B4cTxWtWz/L6E1tNI65S9ZZW1Sp1y5AQ0EXyhJgAEIALZh/E+hzNth5pgeCQtq4C7zejJZXwuiwyVDJUDatbRyhTWpkIW93MRMIFpDse1EZ57GgQDTAqmObIAtg5KxE+8+U68hP3LmI6eHCPJrveFZe4+lfIycxC7DrKNU3zAIzCTgQApJL2g84cnASjVdhP/c4UmYcsq/UjsdYVg1HB6hm2IOOg2m72SPCZfuDK5tlsoqYMKpx1+zt4lCIIlndqRYHGD4NJSI8aUjvd/5OTqsOU3WZ74YlNV8zJo21Qn3Ts5hyKBcOjP1922CImO2jnv8IjBiGnSBGBW5tozcP9TrYbjMsZJS37EcHsJpJCHoZ+3Gmgq9+H3gXD2KSRtOOMUAEQEAAYkBPAQYAQgAJhYhBA4a6TrWq1stc8Jdv4uZJVzk8U1QBQJfKEmAAhsMBQkDwmcAAAoJEIuZJVzk8U1QezQH/iuj1qC9PRT/Qjc1YlCYSYatdDY2ij5YobHHUBCJLwv2lVxHjI9gU43Vi1ZhHwtHOYKZcupzlh6e5+1aGVbKTUSir3KEx8r8Ky86aCmjr3FDIfbEK3VarQkPAuQznBHBWDxwjbjDb9RDbb9/MtvIEBuvA/TlXqplg9jqE6HyJgJ51rWJppsbTk9jh/H8MIO6XA/n242QFfcVte+273/4Rm8uxK7R9IDT9aRpDxADXRqtfaW/fItkF1Qm54/2P2Kz/R+Qy1f013bBn9eX60s7UrhwSaSHvPrLw5SgYif1XxQMFgPouyE2tByHEMybmj5nue/m5AuVCdREstG/6H+4mSY==4JOF
-----END PGP PUBLIC KEY BLOCK----