SOC 2, HIPAA, and GDPR secure

We know how important security is to you and your company.

We’re on a mission to help companies like yours unlock the potential of your data, while ensuring that it remains secure, private, and under your control.

That’s why Chartio is built with security in mind at every step.

Certifications


SOC 2

Chartio is compliant with SOC 2 Type II, an independent audit designed to ensure good policy and compliance in the five key areas of security, availability, processing integrity, confidentiality, and privacy.

Our most recent SOC 2 Type II audit was completed in January 2019, and we plan to complete this audit annually. This report is available upon request.


HIPAA

Our customers work with many types of data, but none more personal and private than health care data.

That’s why, as part of our commitment to maintaining the privacy of your data, we’ve updated our policies, added security features, and enhanced our infrastructure to fully meet HIPAA requirements.


Privacy Shield

Privacy Shield is a framework for complying with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

Review our Privacy Shield Statement for details of our current certification.


GDPR

In advance of the 2018 regulations, we completed a thorough audit of our security and privacy landscape to ensure that Chartio would be GDPR compliant.

Read our GDPR statement about how we fulfilled our GDPR requirements.

Have specific questions? Email us anytime at security@chartio.com.

Secure by design

Architecture

When you connect your data to Chartio, we use a read-only connection to ensure that your Chartio users can’t modify your data. We also offer SSH-tunnelled connections for databases behind firewalls, which allows for secure connectivity to cloud, hybrid, or on-premises environments.

We query your database directly -- we don’t mirror or retain your data beyond what’s needed to display your query results quickly and completely. And of course, all of our servers are hardened, kept up-to-date with the latest security patches, and protected behind firewalls.

Encryption

Encryption is vital to keeping your data safe, so Chartio encrypts all your data at rest and in flight.

All database connections that support SSL offer encrypted data transfer, and additional security is available with our reverse SSH tunnels that put your database connection on your terms—no need to expose your server to the internet to use Chartio. And when you use Chartio, you’re using industry-standard HTTPS to keep your data safe and secure, no matter where you are.
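The Architecture and Encryption sections above describe the customer-side half of this setup: a read-only database account, reached only over SSL or an SSH tunnel. The following is an added example of how a database administrator would provision such an account in PostgreSQL; it is not Chartio's own code or configuration, and the database name `analytics`, schema `reporting`, and role `bi_readonly` are hypothetical.

```sql
-- Added example (not Chartio's own configuration): a least-privilege,
-- read-only PostgreSQL role for a BI tool. All names are hypothetical.
CREATE ROLE bi_readonly LOGIN PASSWORD 'replace-with-a-generated-secret';

-- Allow connections only to the analytics database. Pair this with a
-- pg_hba.conf line that accepts the role only over TLS, and narrow the
-- CIDR to the tool's egress addresses or the SSH tunnel endpoint:
--   hostssl analytics bi_readonly 0.0.0.0/0 scram-sha-256
GRANT CONNECT ON DATABASE analytics TO bi_readonly;

-- On PostgreSQL 14 and earlier the public schema grants CREATE to every
-- role by default; remove it so the BI role cannot create objects there.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Expose a single reporting schema, read-only. The default-privileges
-- rule makes tables created later inherit the SELECT grant automatically.
GRANT USAGE ON SCHEMA reporting TO bi_readonly;
GRANT SELECT ON ALL TABLES IN SCHEMA reporting TO bi_readonly;
ALTER DEFAULT PRIVILEGES IN SCHEMA reporting
    GRANT SELECT ON TABLES TO bi_readonly;

-- Defence in depth: every session from this role starts read-only and
-- any single statement is cut off after 60 seconds, so a runaway
-- dashboard query cannot tie up the database.
ALTER ROLE bi_readonly SET default_transaction_read_only = on;
ALTER ROLE bi_readonly SET statement_timeout = '60s';

-- Verify the effective grants before handing the credentials over;
-- the result should list only SELECT on tables in the reporting schema.
SELECT grantee, table_schema, table_name, privilege_type
  FROM information_schema.role_table_grants
 WHERE grantee = 'bi_readonly'
 ORDER BY table_schema, table_name;
```

Note that `default_transaction_read_only` is a session setting the role could in principle override with `SET`, so the GRANT/REVOKE structure, not the session flag, is what actually enforces read-only access; the flag is there to turn an accidental write into an immediate, visible error.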

Access control

Chartio administrators can quickly and easily secure their data using a variety of tools:

  • Secure login with Google Apps
  • SAML compatibility with Okta, OneLogin, and more
  • Role-based permissions for fine-grained control

Security policies and documents

Privacy policy

We take user privacy seriously, with strict policies to keep your personally identifiable information safe. Chartio undergoes an annual SOC 2 Type II audit, complies with GDPR, and is Privacy Shield self-certified. We also have Data Protection Agreements available for customers, and our Data Advisors are happy to work with companies to ensure that we satisfy all of their privacy requirements.

Review our Privacy Policy

Responsible disclosure

At Chartio, we consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover a vulnerability, we’d like to know about it.

Review our Responsible Disclosure Policy

Terms of Service

Chartio is committed to clear and open communication with the users of our products and visitors to our websites. We clearly outline the terms of our service in this document. If you're a registered Chartio user, we'll email you directly if we ever make changes to our Terms of Service.

Review our Terms of Service

Privacy Shield Statement

As described above, Privacy Shield is a framework for complying with data protection requirements when transferring personal data from the EU and Switzerland to the United States. We comply with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and have certified to the U.S. Department of Commerce that we adhere to the Privacy Shield Principles.

Review our Privacy Shield Statement