Security
Customer trust and data security are critical to everything we do at Hightouch. From the beginning, Hightouch has been architected to keep your data in your hands.
Hightouch is SOC 2 Type 2 compliant for security, availability, and confidentiality. To see our report, contact us at security@hightouch.com.
Hightouch is compliant with GDPR. If you are in the EU, your data is only stored on EU servers. EU companies in regulated industries (like Billie & Spendesk in Fintech) use Hightouch.
Hightouch is compliant with HIPAA. Healthcare companies like Thirty Madison, Chapter & Headway use Hightouch.
Hightouch is fully compliant with CCPA. To see our DPA (Data Processing Addendum), contact us at security@hightouch.com.
Novel Hybrid Architecture
Hightouch never stores any of your data. We don't need to and don't want to. Instead, we use our cloud for compute, but storage remains on prem in your cloud. We believe that companies should have control of their data and not be locked to any single vendor.
How your data passes through Hightouch:
1. We run queries directly on your warehouse.
2. (Optional) We store all customer data (logs, query results, etc.) temporarily in your cloud (e.g., AWS, GCP).
3. We transfer data to your destination, without storing it on our end.
Product security
Hightouch provides security features to ensure that only authorized users can access and change your Syncs.
Data Governance
Get fine-grained control over who has access to models, destinations, Audiences, and syncs.
Version Control and Approvals through Git
See all edits and roll back unintended changes immediately through Git. You can require PRs to ensure all changes get approved first.
Single Sign On (SSO)
We connect with multiple auth providers to ensure only members of your organization can access your Hightouch workspace.
Internal Security
Within the Hightouch organization, we follow top security standards to ensure your data remains in your warehouse and tools.
We complete regular security-design reviews and pen tests using trusted security vendors, as well as regular audits such as SOC 2 Type 2.
We encrypt all data at rest and protect it with TLS in transit. Hightouch's metadata database is encrypted by AWS using the standard AES-256 encryption algorithm.
We limit internal access to tools and resources using time-based access.
Regulated Industries
Hightouch works with international companies in regulated industries like Finance (Plaid, Billie) and Healthcare (Thirty Madison, Headway).
Hightouch is HIPAA compliant. We have a standard Business Associate Addendum (BAA) we present to customers for signature and can also work with your existing BAA.
Hightouch is GDPR compliant. For EU customers such as Spendesk and Billie, data is only stored in EU servers.
Your data warehouse is your source of truth for customer data. Hightouch syncs this data to the tools that your business teams rely on.
Copyright © 2022 Carry Technologies, Inc. dba Hightouch.
All rights reserved.