Trust Center at DataRobot

Trust, security and privacy are key values to DataRobot. Use our Trust Center to learn how we keep your data safe, secure and compliant.

Secure Architecture

Our application is built with security in mind. Our controls include data encryption in transit and at rest, two-factor authentication, and role-based access management. We follow a secure software development lifecycle and are always working to develop our security maturity to meet the changing cybersecurity landscape. 

Network and Endpoint Security

We have systems in place to ensure your data is safe from malware, vulnerabilities, and other cybersecurity threats like network-based attacks and unauthorized access. We regularly perform penetration testing using a trusted third party. 

Governance

DataRobot’s Enterprise Security Steering Committee is a cross-functional leadership team that shapes our security programs, and drives executive alignment. The Committee works with our Security Advisory Council to ensure that security is a key consideration of all company initiatives. All of our employees receive security and privacy training and testing, and participate in monthly contests that reward information security awareness. We have comprehensive policies and procedures in place designed to manage the integrity of our environment, and ensure security is embedded at a technical, physical and operational level. 

On Premises Platform

For customers that want to keep their data in house and use our self-hosted solution, we can provide controls and consultation to help you meet your unique security and privacy requirements.

• We have playbooks to help you meet PCI, FISMA, DoD, GDPR, ISO and SOC2 environment requirements
• Encryption in transit and at rest configurations are available using your own certificate authorities
• Compatible with DNSSEC

Certifications

We have achieved, or plan to achieve, the following certifications: 

• ISO 27001: We are certified under ISO 27001, a globally recognized standard for an organization’s Information Security Management System.
• SOC2 Type II: We annually undergo an independent assessment of our cloud controls environment. 
• FedRamp: We are currently in the process of being certified under FedRamp, a set of security requirements for cloud service providers to the US government.
• PCI-DSS 3.2 Attestation of Compliance: We plan to seek this certification in 2021 related to the processing of payment card data

Privacy and Compliance

We comply with current industry standards and regulations so that you can feel confident that your data is protected and compliant. 

• GDPR and CCPA: We comply with international data privacy regulations, including GDPR and CCPA. Learn more about how we handle your personal data. 
• Privacy Shield: We are EU-US and Swiss-US Privacy Shield compliant and have been certified by third party auditor TRUSTe. You can check our Privacy Shield status here. 
• HIPAA and HITECH: A third party auditor certified that DataRobot has all necessary administrative and operational controls in place to process ePHI. We currently do not sign BAAs as we do not allow personal data in the platform, but customers interested in modeling ePHI can inquire about our on-prem solution. 
• PCI-DSS: All credit card payments are processed through Stripe, our third party credit card processor. You can read about Stripe’s security practices on their website: www.stripe.com. While we don’t allow modeling of credit card data in the SaaS platform, we plan to seek a PCI-DSS 3.2 Attestation of Compliance in 2021 and can assist customers using our on-prem solution to comply with PCI requirements using our custom installation playbooks.

TrustedAI

Our AI models are transparent and trustworthy, with fairness tools to help users evaluate, understand, and mitigate bias in AI.  Learn more about our TrustedAI.

Would you like to learn more about our security and privacy practices at DataRobot? Request access to our Trust Package, which contains our security and compliance documentation.