We Take CDP Security Seriously

You don’t compromise on your customers’ data security, and neither do we. Our processes, behaviors, and every level of our infrastructure are built with enterprise security in mind. Because we serve the world’s largest, globally distributed, technologically mature companies, we built a customer data platform (CDP) that stands up to the toughest CISO scrutiny.

SOC 2 Type 2

Treasure Data undergoes an annual SOC 2 Type 2 audit covering the Security, Confidentiality, and Availability Trust Services Criteria.

Get a copy

SOC 3

Treasure Data undergoes an annual SOC 3 Type 2 audit covering the Security, Confidentiality, and Availability Trust Services Criteria.

Get a copy

ISO/IEC 27001

Treasure Data undergoes an annual ISO/IEC 27001:2013 certification audit over the ISMS that governs the Treasure Data CDP.

Get a copy

ISO/IEC 27017

Treasure Data undergoes an annual ISO/IEC 27017:2015 certification audit over the ISMS that governs the Treasure Data CDP.

Get a copy

ISO/IEC 27018

Treasure Data undergoes an annual ISO/IEC 27018:2019 certification audit over the ISMS that governs the Treasure Data CDP.

Get a copy

HIPAA Type 2

HIPAA compliance ensures that Treasure Data protects the confidentiality, integrity, and security of ePHI for our healthcare and life sciences customers. Treasure Data undergoes an annual HIPAA Type 2 audit to verify all HIPAA Security Rule requirements are addressed and operating effectively.

Get audit report

CSA STAR Level 1

CSA Star Level 1 is a self attestation intended for Cloud Service Providers (CSPs) that validates Treasure Data’s use of industry-leading best practices to secure data in our CDP.

Get a copy

Privacy Mark

Treasure Data undergoes annual PrivacyMark compliance audits. PrivacyMark is a privacy-centric certification in Japan that focuses on enhancing consumers’ awareness of personally identifiable information (PII) protections. The requirements are based on JISQ standards and are governed by JIPDEC (Japan Institute for Promotion of Digital Economy and Community). PrivacyMark is viewed as the Japan equivalent of the ISO/IEC 27001.

Get a copy

FISC

Treasure Data has developed a guide to help our customers understand how our control environment aligns with the Center for Financial Industry Information Systems (FISC) guidelines. Many of the controls outlined in our guide are already implemented as part of existing third-party audited compliance offerings, such as our ISO/IEC 27001 certification and SOC 2 Type 2 report.

Get a copy

Platform security

Penetration testing

Annual penetration tests are conducted on the in-scope external network, web application, and API endpoints. Internal Red Team activities are also conducted ad hoc throughout the year.

Learn more

Shared Security Model

Data localization

All infrastructure and storage services run within regional AWS data centers and leverage multiple Availability Zones. Treasure Data uses the following AWS regions:

  • US East (Northern Virginia)

  • US West (Oregon)

  • Europe (Frankfurt)

  • Asia Pacific (Tokyo)

  • Asia Pacific (Seoul)

Beyond compliance: Our approach to security

Consumer data is gold and should be as safe and secure as any precious material.

Learn about our comprehensive approach to security and privacy goes beyond compliance, helping global brands gain trust and see business value.

Our CIO/CISO’s take on CDP trust and security

Eyebrow Text

A CDP built on trust

All great experiences come down to trust. Do your customers trust you with their data? With Treasure Data, you have the tools and processes needed to ensure that every experience is built on a bedrock of trust that your customers demand.

Frequently asked questions