Trust at Cinchy
Putting you in full control of your data
We know it’s important for our customers to ensure that the data they connect and collaborate on with the Cinchy Dataware Platform is secure, protected, and in compliance with regulations.
At Cinchy, our mission is to give customers full control of how they manage, secure, and control the data. By self-hosting the platform on premise or in a private cloud, customers can adhere to their own best practices and protect their data in a way that complies with their own data security standards. The data connected in the Cinchy Dataware Platform is not shared back with Cinchy.
Data can be stored securely on the platform in a protected manner using the latest encryption protocols and standards. Cinchy recommends best practices when it comes to security, such as encryption, however it is a customer’s responsibility to ensure that their Cinchy environment is securely protected and adheres to their standards.
Tools are provided to help with data privacy compliance (for GDPR, CCPA, etc.) such as the ability to do full erasure of data.
The Cinchy platform is ISO 27001:2013 certified, meeting the highest standards of control and security, and is SOC 2 TYPE II compliant achieving the gold standard of information security based on security and confidentiality.
ISO 27001 CERTIFIED
The Cinchy platform is ISO 27001:2013 certified, meeting the highest standards of control and security.
SOC 2 TYPE II COMPLIANT
Cinchy has achieved the gold standard of information security, with a SOC2 Type 2 audit, based on security and confidentiality. It tested not only the structure of Cinchy's compliance program, but also the execution of internal controls over a six month period.
The security features of the Cinchy platform break down into the following categories:
All access through the platform must be authenticated. User management can take place directly through the Cinchy platform or existing identity provider / SSO (e.g Active Directory) using OpenID Connect. User and group-based management can also be synced from existing systems. All user login attempts and sessions are tracked and reported on through the platform.
All metadata within the platform is managed. This includes a changelog that exists on all structures and that tracks all data changes, including changes to access grants and table schema.
Every request is logged, including user logins, sessions, what data is accessed or downloaded, and what data is synced into the platform. These logs are queryable at any point in time to provide full flexibility in monitoring changes.
Compliance for data protection is supported by selector box data classifications that categorize data and can be used to create policies, create a data model column for opt in, and to write queries for opt in.
Controls on the platform are defined at the data layer which allows teams to set granular conditions for managing access. This functionality allows data owners to provide users with the minimum access they need to perform their duties. Conditions can take into account a variety of factors, including account information about the current user, groups, and any other data in the platform.
The platform also offers the ability to segregate duties on who can view or design table structures, manage entitlements, and modify data and control other permissions such as managing the ability to query, import, and export data.
Have any questions about our security practices? Send us a note at firstname.lastname@example.org