Trust & Security

Your data, guarded.
Your business, uninterrupted.

Definite is built for teams that can't afford to get security wrong. Encryption in transit and at rest, granular access controls, audit logs, and independent compliance attestations — baked into the platform from day one.

§ Standards

Independently attested.

We hold ourselves to the standards our customers are held to. Request the latest reports from our trust team.

In progress
SOC 2 Type II

Audit underway; interim Type I available on request.

Compliant
GDPR

DPA available; EU data processing agreements supported.

Compliant
CCPA

Honors consumer data rights for California residents.

On request
HIPAA

BAA available for Enterprise customers with PHI workloads.

§ Controls

Security built in, not bolted on.

The same controls we use to protect our own business, available to yours in every plan.

01
Encryption everywhere

TLS 1.2+ for data in transit. AES-256 for data at rest, including backups and snapshots. Secrets encrypted with managed KMS and rotated on a defined schedule.

02
SSO & granular access

SAML 2.0 and OIDC SSO available on Pro and Enterprise plans. Role-based access control across workspaces, docs, and integrations. SCIM provisioning on Enterprise.

03
Row-level security

Pass user identity into your semantic layer to scope queries per user, team, or customer. Enforce multi-tenant boundaries in the warehouse, not just the UI.

04
Audit logs

Every authentication, permission change, query, and integration event is logged. Exportable on Enterprise for your SIEM.

05
Least-privilege infra

Production access gated by SSO + MFA and restricted to a small on-call group. All access reviewed quarterly; all production changes peer-reviewed.

06
Vulnerability management

Automated dependency scanning, container image scanning, and static analysis in CI. Annual third-party penetration test; findings tracked to remediation.

§ Data handling

How we treat your data.

Where your data lives
US-based cloud infrastructure (GCP). EU region available on Enterprise.
Who can access it
You. Definite employees access customer data only with explicit permission, for a defined support reason, logged and time-bound.
Sub-processors
A small, disclosed list of vetted providers (cloud, email, analytics). Full list available on request and updated with notice.
Backups & recovery
Daily encrypted backups with documented RPO/RTO. Restores tested on a regular cadence; available to customers on request.
Retention & deletion
You own your data. We delete customer data within 30 days of account closure; earlier on request.
Incident response
Defined IR playbook with on-call rotation. We notify affected customers within 72 hours of a confirmed security incident.

§ Need the details?

Send us the questionnaire. We'll handle the rest.

Customer security teams can request any of the documents on the right. We turn most around within 1-2 business days.

SOC 2 report: Type I available; Type II in progress
On request
Security whitepaper: Architecture & controls overview
On request
DPA / SCCs: For EU data processing
On request
Pen test summary: Most recent third-party test
On request
BAA: For HIPAA-covered workloads (Enterprise)
On request
Sub-processor list: Current vendors & purpose
On request
