Security at the Core
DataFuse is built on a cryptographically decoupled architecture that keeps your credentials out of LLM context windows. Here you'll find everything about our security posture, compliance certifications, and privacy practices.
Compliance
Independently verified certifications and compliance standards.
SOC 2 Type II
CertifiedOur systems and controls have been independently audited and certified for security, availability, and confidentiality.
ISO 27001:2022
CertifiedOur Information Security Management System meets the rigorous international standard for information security.
GDPR Compliant
CompliantFull compliance with EU data protection regulations including data subject rights and cross-border data transfers.
Security Controls
Continuously monitored and verified
Infrastructure Security
- Encryption keys access restricted
- Production infrastructure access restricted
- Remote access encrypted enforced
- Firewall rules and network segmentation enforced
- Infrastructure monitoring and alerting enabled
Organizational Security
- Asset disposal procedures utilized
- MDM system enforced on company devices
- Background checks completed for employees
- Security awareness training conducted annually
Product Security
- Data encryption at rest and in transit
- Control self-assessments conducted quarterly
- Penetration testing performed annually
- Vulnerability scanning and remediation process
- Secure SDLC practices enforced
Internal Security Procedures
- Business Continuity & Disaster Recovery plans established
- SOC 2 system description documented
- Organization structure and access policies documented
- Incident response plan tested and maintained
- Change management process enforced
- Vendor risk assessment program in place
- Access reviews conducted quarterly
Data and Privacy
- Customer data deleted upon account termination
- Data classification policy enforced
- Privacy impact assessments conducted
- Consent management system in place
Resources
Audit reports, policies, and security documentation. Request access to locked documents.
Audit Reports
Our most recent SOC 2 Type II audit report
ISMS certification documentation
Policies
Procedures for maintaining operations during disruptions
Procedures for detecting, responding to, and recovering from security incidents
How we collect, process, and protect customer data
Security requirements across our software development lifecycle
Overarching security governance framework
Other Resources
Executive summary of our latest penetration test
Third-party audit engagement details
Subprocessors
Third-party services that process data on our behalf.
| Provider | Purpose | Region |
|---|---|---|
Amazon Web Services | Hosting our infrastructure | us-east-1 (N. Virginia) |
Cloudflare | DNS, CDN, and edge security | Global (Anycast) |
Vercel | Application hosting and deployment | us-east-1 (N. Virginia) |
Datadog | Infrastructure monitoring and alerting | US1 (AWS us-east-1) |
Frequently Asked Questions
Common questions about DataFuse's security practices.
Updates
Latest security and compliance news from DataFuse.
Statement of Non-Impact: Recent Cloudflare Outage
DataFuse infrastructure was not impacted by the recent Cloudflare incident. Our multi-region failover ensured continuous uptime.
Updated SOC 2 Type II report published
Our latest SOC 2 Type II audit report covering Jan 2025 — Jan 2026 is now available upon request.
DataFuse Trust Center launched
We've launched our Trust Center to provide full transparency into our security posture, compliance status, and practices.
Have a security question?
Our security team is happy to answer any questions about our practices, request additional documentation, or schedule a call.