Unlike other Reverse ETL platforms, Census was designed from day one to run inside your data warehouse. Our unique “low touch” sync architecture leverages your data warehouse’s own execution engine to perform sensitive operations, meaning that validation, transformation, and state tracking all happen without your data ever touching Census's servers. This ensures speed and security and makes Census “secure by default” against many common attacks.
Census is the only major Reverse ETL platform that does not store a second copy of your data. We perform most of the “logic” for determining what records need to be synced — and how to match those records to your existing data — within your own warehouse.
If your data does transit through Census' servers, it is encrypted in transit and securely removed the moment it reaches the ultimate destination. Census uses recent TLS versions for all connections between systems: from your browser to our application, from our servers to your data warehouse or SaaS application, and internally between our own services and databases. We do not use self-signed certificates and we regularly audit TLS versions and ciphersuites to avoid any newly discovered weaknesses. Census encrypts its own databases and blob storage at rest and applies an additional layer of asymmetric encryption to protect our core application secrets, like OAuth credentials and API keys.
Census does not require superuser access to your data warehouse, and will request the fewest OAuth scopes needed for your SaaS applications (subject to SaaS provider support). Connections between your data warehouse and shared resources such as S3 buckets are performed using minimum privilege STS credentials with short expiration times.
Census is fully compliant with GDPR regulations that ensure the privacy, protection, and security of personal information. We continuously evaluate our practices to prioritize and mitigate risks, and we are transparent about how customer data is collected, processed and stored. We have a Data Process Addendum available.
Safeguarding our customers’ personal data is our fundamental responsibility. Census is the first Reverse ETL platform to obtain a SOC 2 certification, and we regularly audit our policies and procedures to ensure compliance with ongoing HIPAA and SOC 2 requirements.
We seamlessly support over 10,000 data consumers with enterprise-grade SAML 2.0 SSO, which makes signing in with your existing identity provider easy. You can sign in with:
Customers can choose to keep all their data within the EU throughout the duration of a Census sync, hosted in Frankfurt (AWS eu-central-1). We never store your data, but your selected region determines where data is processed during your Census syncs.
Easily use your AWS KMS keys to encrypt all of your SaaS and warehouse credentials and define policies consistently with centralized key management.
Census records audit logs of any changes made to your models or sync configurations, telling you which users made changes and when. This includes changes made by Census sales engineers and professional services staff.
Census provides detailed logs, stored in your private warehouse, of each data point that is synced so you can audit, troubleshoot, and create alerts using the most granular information.
Bring your own private cloud by using private IP addresses in your VPC to connect securely within the AWS network. You also have the option to manage your own S3 bucket for legal or regulatory reasons, adding another layer of security to your pipeline.
Integrate with SIEM solutions like Splunk to detect and identify threats to your data more quickly and accurately with a holistic view of security events, especially from anomalous user actions.
Contact your Account Executive to request access
Role-based access controls enable administrators to control user and role permissions at a granular level. Approved administrators can configure the access list to quickly manage permissions within the Census UI.
Workspaces enable administrators to organize users and manage permissions for different teams, projects, or use cases. They can organize syncs and models in Workspaces however they wish. Each individual user can have a different role in each individual workspace they belong to.
Network administrators have multiple options to deploy additional layers of security:
Our team has never missed an SLA. The Census platform has 99.5% uptime with immediate status updates if anything goes wrong.
Customer Data Architects who are former Heads of Data help you stand up the most performant and secure data architecture and modeling best practices. We offer live support through email, chat, or Slack, and dedicated account managers guide you every step of the way to ensure success.
Our security is always improving. If you’d like to learn more about our data protection processes, email us.
If you are a security researcher and would like to disclose an issue, contact firstname.lastname@example.org. We are strong advocates for responsible disclosure by independent security researchers. We believe the best way to protect current and future customers is to encourage researchers to come forward with issues and reply promptly.
Our promise to you is:
In return we ask:
Should you wish to encrypt your correspondence, our public key is ↓