Security

The entire dbt Cloud team is focused on keeping you and your data safe. We adhere to industry-leading standards to manage our network, secure our application, and set policies across our organization.


Communication

  • All connections to dbt Cloud are encrypted by default in both directions, using modern ciphers and cryptographic systems. We maintain an A+ rating from Qualys/SSL Labs.

  • Any attempt to connect over HTTP is redirected to HTTPS.

  • We use HSTS to ensure browsers interact with dbt Cloud only over HTTPS.

Auditing

  • dbt Cloud undergoes twice-annual security audits from an outside provider, and regularly installs the latest, secure versions of all underlying software.

Compliance

  • PCI: Before granting dbt Cloud access to data subject to PCI requirements, please contact support at support@getdbt.com.

  • HIPAA: Before granting dbt Cloud access to data subject to HIPAA requirements, please contact support at support@getdbt.com.

  • GDPR: dbt Cloud is fully GDPR compliant. dbt Cloud’s Terms of Service includes a Data Processing Addendum that enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU.

Security Protocols

  • dbt Cloud’s data centers are hosted using Amazon Web Services, where they are protected by electronic security, intrusion detection systems, and 24/7/365 human staff.

  • dbt Cloud uses actively maintained, long-term-supported operating systems that are kept up to date with the latest security patches.

  • dbt Cloud uses a dedicated firewall and private network to prevent unauthorized network access.

  • We limit access to sensitive data to a few senior employees.

  • We review new features for security impact before release.

Security Recommendations

  • Limit dbt Cloud’s access to your warehouse to strictly the datasets processed by dbt. Restrict access to extremely sensitive data such as credit card numbers or PHI. Consider removing these data points from your warehouse entirely.

  • Use SSL or SSH encryption to protect your data and credentials while in transit. Choose strong passwords for your database users.

Research and Disclosure

Fishtown Analytics is committed to working with security experts across the world to stay up to date with the latest security techniques. If you believe you have found a security vulnerability in dbt Core or dbt Cloud, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.

If you believe you have discovered a problem or have any questions, please contact us at security@getdbt.com.