Dataedo Security - Securely Built for Data Professionals

At Dataedo, we prioritize security at every level - whether it’s crafting a secure product, embedding robust organizational security practices, or following secure processes.

A Comprehensive Approach to Security

We go beyond basic safeguards to ensure that our IT product is built with security in mind.
Here's how we do it:

Secure Product

Every feature we build follows secure development practices from design to deployment - with rigorous testing, code review, and continuous security updates built into our process.

Organizational Security and Secure Processes

We ensure security with ISO 27001 compliance, strong policies, employee training, access management, legal compliance, and regular audits to maintain robust internal processes.

Compliance You Can Rely On

Dataedo is proud to adhere to two of the most trusted global standards for data and privacy protection.
With Dataedo, you can trust that you’re choosing a partner committed to compliance and your security.

ISO 27001 Certified

Credible proof that our information security management system (ISMS) meets the highest international standards.

GDPR Compliance

We’re committed to protecting personal data and ensuring compliance with European privacy regulations.

Strong Security Controls

Our robust security framework ensures you're working with secure IT software.
These are some of the controls that make it happen:

Authentication & Access Control

SSO authentication with role-based permissions ensures only authorized users access your metadata environment.

Metadata-Only Collection & Secure Connections

Read-only connections collect metadata structure with support for encrypted connections configured by your team.

Security Event Logging

Comprehensive logging of security-relevant events and user activities provides visibility and accountability for compliance reporting and security investigations.

Regular Security Testing & Vulnerability Response

Independent third-party penetration tests with rapid vulnerability remediation and security patch deployment.

FAQs

How does Dataedo ensure data privacy?
Dataedo is GDPR-compliant and uses industry-leading encryption practices to secure all user and system data.
Is Dataedo suitable for enterprise-level security needs?
Yes! Our ISO 27001 certification and enterprise-grade security controls make us an excellent choice for small to large organizations.
How can I request more details on Dataedo's security policies?
You can request access to our in-depth security documentation by reaching out to [email protected]
What happens in case of a data security incident?
We have an incident response policy that ensures immediate action, transparent communication, and regular reviews in alignment with ISO procedures.
Where is our metadata stored?
All metadata is stored in your repository database (SQL Server on-premises, SQL Server on cloud, or Azure SQL Database) hosted and controlled entirely within your environment. We have no access to this data.
Is any data sent outside our environment?
Only minimal data is sent to Dataedo servers:
  • Launch logs (IP address, license info, program version)
  • Usage tracking data
  • Crash reports (only with user confirmation)
Who can access the repository database?
Access is secured through SQL Server authentication and authorization. SQL Server instance administrators and repository database owners automatically become Dataedo administrators.
Does Dataedo modify our source databases?
No. Dataedo:
  • Does not modify database schemas
  • Does not modify database data
  • Only modifies metadata (comments/descriptions) when explicitly requested by users
Does Dataedo extract actual data from our databases?
By default, no. The Data Profiling feature can analyze and save data summaries, but saving actual data is disabled by default and the feature can be completely disabled.
What potentially sensitive information might be captured?
Metadata might contain sensitive information in:
  • Table and column names/descriptions
  • Stored procedures code and comments
  • Database/host names (in crash reports)
  • Repository file paths
What are the recommended security measures?
  • Use server repository instead of file repository
  • Implement Windows authentication
  • Use read-only accounts for database access
  • Create named user accounts (avoid shared accounts)
  • Use encrypted database connections
  • Avoid saving connection passwords
  • Secure exported documentation (HTML, PDF, Excel)
  • Limit database access to essential users only
How secure are crash reports?
Crash reports are optional and require user confirmation. We recommend reviewing them before sending as they may contain sensitive information like database names or file paths.
How can we control access to exported documentation?
While repository data is password-protected, exports (HTML, PDF, Excel) don't have built-in access control. Additional security measures should be implemented to restrict access to these exports.