Trust Center at DataRobot

Information Security

DataRobot, the leader in Value-Driven AI, is developed and built with the enterprise in mind. Our multi-layered security program ensures compliance with industry standards and implements best practices for information security, corporate controls, and software development.

Data Confidentiality and Privacy

We prioritize the highest standards of data confidentiality and privacy to ensure the security and trust of our users. We employ robust encryption measures both in transit and at rest, guaranteeing that your data remains protected from unauthorized access.

If you want to keep your data in-house and use our Self-Managed solution, we can provide controls to help you meet your unique security and privacy requirements.

• Encryption in transit and at rest configurations are available using your own certificate authorities
• Compatible with DNSSEC

Authentication

Experience secure and effortless authentication with the DataRobot AI Platform. Trial users can easily sign up for a 30-day trial using their Google or Github accounts. For enterprises, we support SAML-based SSO, and Self-Managed customers can integrate with LDAP for centralized user management and authentication. Add an extra layer of protection with Multi-Factor Authentication.

Data connections are made secure with OAuth or username & password. Admins now have the power to configure and govern access to OAuth connections without compromising sensitive information.

API Security

DataRobot AI Platform utilizes two APIs for communication. All API communications are secured using TLS 1.3 to protect authentication materials. For DataRobot API, authentication is achieved through a bearer token in the HTTP authorization header. For Prediction Server API, authentication is done via HTTP basic authentication with a username and an assigned API token as the password. 

Access Control

To empower you with granular control over your data, models, and resources, the DataRobot AI Platform uses role-based access control (RBAC) with default and custom roles, as well as fine-tuned sharing permissions. RBAC allows you to define and assign roles with specific privileges, ensuring users have access to only the functionality they need. Sharing permissions allow you to selectively grant access to resources, promoting collaboration while maintaining data security. This combination provides a flexible and robust access control framework, assuring a safe and seamless experience.

Cloud, Network, and Endpoint Security

We have systems in place to ensure your data is safe from malware, vulnerabilities, and other cybersecurity threats like network-based attacks and unauthorized access. We regularly perform penetration testing using a trusted third party to ensure that we are proactively identifying and addressing any potential vulnerabilities in our system.

Governance, Risk Management & Compliance

DataRobot has implemented a comprehensive GRC program, aligned with industry best practices, that includes annual external audits, security assessments of our production applications, on-prem and cloud assets, and security awareness training for employees. We have comprehensive policies and procedures in place designed to manage the integrity of our environment, including integrations with technology partners, to ensure that security is embedded at a technical, physical, and operational level.

Single-Tenant SaaS

Our most isolated cloud offering is designed for customers with elevated data privacy or data sovereignty requirements. Single-Tenant SaaS provides the latest DataRobot capabilities in a dedicated VPC that only you have access to. Focus on discovering value with predictive & generative AI; leave the deployment, monitoring, and maintenance to us. 

Single-Tenant SaaS is currently available on AWS, Azure and GCP. It is available in dozens of cloud provider locations, allowing you to select your preferred region to meet specific data sovereignty requirements.

Certifications

DataRobot AI Platform has achieved the following certifications:

• ISO 27001: We are certified under ISO 27001, a globally recognized standard for an organization’s Information Security Management System.
• SOC2 Type II: We annually undergo an independent assessment of our cloud control environment. 
• HIPAA: DataRobot’s HIPAA-compliant Single-Tenant SaaS offering is now available on AWS, Azure and GCP. Healthcare organizations can confidently manage sensitive healthcare data, ensuring seamless and secure AI-driven insights for improved patient outcomes and operational efficiency.

Privacy and Personal Data

GDPR and CCPA

We comply with international data privacy regulations, including GDPR, CCPA, CPRA, CPA, VCDPA, and the EU AI Act. Learn more about how we handle your personal data.  

Subprocessors

We perform due diligence on all vendors that support the delivery of our products and services. A subprocessor is a vendor that DataRobot uses to process personal data on behalf of our customers. You can find a list of our subprocessors here.

Government Requests for Data

When DataRobot receives a request to disclose customer data from a government or law enforcement entity, we will respond in line with our Government Data Request Policy. Additionally, we will provide transparency reports on any requests we have received. To date, DataRobot has not received a request from a governmental entity.

International Transfers of Personal Data

DataRobot has assessed all transfers of its customer’s personal data out of the EU and assembled this FAQ to answer common questions about how it is affected by the Schrems II ruling.

Modeling Personal Data with DataRobot

Personal data can be modeled within the DataRobot product, but we limit certain sensitive personal data from being ingested into SaaS deployments. Learn more about using personal data for AI predictions. 

For more information about Privacy and Personal Data, please contact us.