We Value Your Data Security
Trust & Security
Every decision we make is rooted in our values—humility and responsibility. From our processes, behaviors, and down to every level of infrastructure, we make no compromises when it comes to our customers’ data security. To learn more about Treasure Data security controls, visit our Trust and Security Center to view our security documentation, white papers, request compliance certifications (ISO, SOC2), and more.
Compliance
Treasure Data maintains an array of compliance certifications and attestations to affirm our commitment to data security for our customers. To learn more about Treasure Data Compliance, click through each tile below.
SOC 2 Type 2
Treasure Data undergoes an annual SOC 2 Type 2 audit covering the Security, Confidentiality, and Availability Trust Services Criteria.
SOC 3
Treasure Data undergoes an annual SOC 3 Type 2 audit covering the Security, Confidentiality, and Availability Trust Services Criteria.
ISO/IEC 27001
Treasure Data undergoes an annual ISO/IEC 27001:2013 certification audit over the ISMS that governs the Treasure Data CDP.
ISO/IEC 27017
Treasure Data undergoes an annual ISO/IEC 27017:2015 certification audit over the ISMS that governs the Treasure Data CDP.
ISO/IEC 27018
Treasure Data undergoes an annual ISO/IEC 27018:2019 certification audit over the ISMS that governs the Treasure Data CDP.
HIPAA Type 2
HIPAA compliance ensures that Treasure Data protects the confidentiality, integrity, and security of ePHI for our healthcare and life sciences customers. Treasure Data undergoes an annual HIPAA Type 2 audit to verify all HIPAA Security Rule requirements are addressed and operating effectively.
CSA STAR Level 1
CSA Star Level 1 is a self attestation intended for Cloud Service Providers (CSPs) that validates Treasure Data’s use of industry-leading best practices to secure data in our CDP.
Privacy Mark
Treasure Data undergoes annual PrivacyMark compliance audits. PrivacyMark is a privacy-centric certification in Japan that focuses on enhancing consumers' awareness of personally identifiable information (PII) protections. The requirements are based on JISQ standards and are governed by JIPDEC (Japan Institute for Promotion of Digital Economy and Community). PrivacyMark is viewed as the Japan equivalent of the ISO/IEC 27001.
FISC
Treasure Data has developed a guide to help our customers understand how our control environment aligns with the Center for Financial Industry Information Systems (FISC) guidelines. Many of the controls outlined in our guide are already implemented as part of existing third-party audited compliance offerings, such as our ISO/IEC 27001 certification and SOC 2 Type 2 report.
Shared Security Model
The following shared model indicates which control domains are owned by the customer, Treasure Data, and Treasure Data’s Infrastructure as a Service (IaaS) provider. Treasure Data is responsible for protecting the underlying infrastructure that runs the CDP; the customer is responsible for controlling the CDP.
Data Localization
All infrastructure and storage services run within regional AWS data centers and leverage multiple Availability Zones. Treasure Data uses the following AWS regions:
- US East (Northern Virginia)
- US West (Oregon)
- Europe (Frankfurt)
- Asia Pacific (Tokyo)
- Asia Pacific (Seoul)
Frequently Asked Questions
Yes, Treasure Data engages with a variety of vendors defined as subprocessors.
Yes, you can download Treasure Data’s most recent SOC 2 Type 2 report.
Yes, you can request a copy of Treasure Data’s most penetration testing report.
Yes, click here to download a white paper about Treasure Data and HIPAA compliance.
Treasure Data values the security of its customers and is committed to ensuring that the systems and products are secure. We invite all bug bounty researchers to join our efforts in identifying and reporting vulnerabilities in our systems.
Submit your findings to our dedicated bug bounty email address (vulnerabilities@treasuredata.com) and help us keep Treasure Data secure. Let’s work together to make the Internet a safer place!
Yes, you can learn more about all the regulations in which Treasure Data is compliant by visiting our Privacy Compliance page.
Talk with our experts
Still have questions about data security with Treasure Data? Let us connect you with one of our experts.