Hightouch logo
Own your data

Security

Customer trust and data security are critical to everything we do at Hightouch. From the beginning Hightouch has been architected to keep your data in your hands.

Hightouch is SOC 2 Type 2 Compliant for security, availability, and confidentiality. To see our report, contact us at security@hightouch.com

Hightouch is compliant with GDPR. If you are in the EU, your data is only stored in EU servers. EU companies in regulated industries (like Billie & Spendesk in Fintech) use Hightouch

Hightouch is compliant with HIPAA. Healthcare companies like ThirtyMadison, Chapter & Headway use Hightouch

Hightouch is fully compliant with CCPA. To see our DPA (Data Processing Addendum), contact us at security@hightouch.com

Keep your data in your warehouse

Novel Hybrid Architecture

Hightouch never stores any of your data. We don't need to and don't want to. Instead, we use our cloud for compute, but storage remains on prem in your cloud. We believe that companies should have control of their data and not be locked to any single vendor.

How your data passes through Hightouch:

  • 1

    We run queries directly on your warehouse.

  • 2

    (Optional). We store all customer data (logs, query results, etc) temporarily in your cloud (ex: AWS, GCP).

  • 3

    We transfer data to your destination, without storing it on our end.
Learn More
security
Control access within your organization

Product security

Hightouch provides security features to ensure that only authorized users can access and change your Syncs.

Data Governance

Get fine-grained control on who has access to models, destinations, Audiences, and syncs

Version Control and Approvals through Git

See all edits & roll back unintended changes immediately through Git. You can require PRs to ensure all changes get approved first

Single Sign On (SSO)

We connect with multiple auth providers to ensure only members of your organization can access your Hightouch workspace

Data Governance
Version Control
Single Sign On
We follow industry security standards

Internal Security

Within the Hightouch organization, we follow top security standards to ensure your data remains in your warehouse and tools.

  • We complete regular security-design reviews and pen tests using trusted security vendors, as well as regular audits such as SOC 2 Type 2

  • We encrypt all data at rest and protect by TLS in transit. Hightouch’s metadata database is encrypted by Amazon AWS using standard AES-256 encryption algorithms.

  • We limit internal access to tools and resources using time-based access.

internal security
We work with regulated industries

Regulated Industries

Hightouch works with international companies in regulated industries like Finance (Plaid, Billie) and Healthcare (Thirty Madison, Headway).

  • Hightouch is HIPAA compliant. We have a standard Business Associate Addendum (BAA) we present to customers for signature and can also work with your existing BAA.

  • Hightouch is GDPR compliant. For EU customers such as Spendesk and Billie, data is only stored in EU servers.

Regulated Industries
Reach out to security@hightouch.com for questions and identified security vulnerabilities

Ready to leverage your customer data?

Hightouch logo

Your data warehouse is your source of truth for customer data. Hightouch syncs this data to the tools that your business teams rely on.

Copyright © 2022 Carry Technologies, Inc. dba Hightouch.
All rights reserved.

Get in touchhello@hightouch.com
501 Folsom St3rd FloorSan Francisco, CA 94105United States