Security & Data Protection
At Filament, we understand that your business data is your most valuable asset. Our platform is built from the ground up with security, privacy, and data isolation as fundamental principles.
Platform Architecture
Filament operates as a managed analytics platform that connects your business applications and synchronizes data to dedicated, isolated data warehouses. Our architecture ensures complete data separation between customers while providing powerful analytics capabilities.
Each organization receives a completely isolated PostgreSQL schema for their data warehouse. Your ELT pipelines run in secure, encrypted channels to synchronize data from connected applications. The AI analytics layer processes natural language queries exclusively within your data boundaries, and all dashboard access requires authentication through our secure web application.
Data Isolation
Your data security starts with complete isolation. Every customer organization operates in a fully separated environment with its own warehouse schema that's completely isolated from other customers.
We enforce separation at the PostgreSQL schema level, ensuring queries cannot cross organizational boundaries. All data tables include unique identifiers preventing any possibility of data collision.
Authentication & Access Control
We implement enterprise-grade authentication, supporting single sign-on, multi-factor authentication, and OAuth providers for seamless and secure access.
All API endpoints require authentication. Clerk manages our session lifecycle with automatic 60-second token refresh, configurable inactivity timeouts, and protection against session fixation attacks.
Data Encryption
Your data is protected using industry-standard encryption at every stage of its lifecycle.
In Transit
All data transmissions use TLS 1.2+ encryption, including API calls, webhook payloads, and browser connections
At Rest
Database encryption using AES-256, with encrypted backups and secure key management
Integration Credentials
OAuth tokens and API keys are encrypted using AES-256-CBC encryption before database storage
Infrastructure Security
Our infrastructure uses SOC 2 Type II certified hosting providers for both compute and database hosting. We implement defense-in-depth with private networks, firewalls, and DDoS protection at all layers.
Security patching and dependency updates are automated to ensure we're protected against known vulnerabilities. Real-time application monitoring tracks errors, performance metrics, and anomalies to detect potential security events.
Data Processing & Privacy
We follow data minimization principles, only collecting and processing what's necessary for providing our analytics services. Your data is used exclusively for generating insights and analytics — we never sell, share, or disclose it to third parties for marketing purposes.
Data deletion is available upon request following account termination. We support standard privacy rights including data access, rectification, and deletion requests.
AI Training & Data Usage
Your data remains yours alone. We do not use your data to train, improve, or develop AI models. Our AI providers, including Anthropic, do not train on your data when processed through our platform.
All AI interactions with your data are ephemeral and transient — queries and analytics remain completely isolated within your organization's context and are used solely to generate insights for your immediate business needs.
Operational Security
Our development and operational practices ensure continuous security through multiple layers of protection.
Development Security
Code goes through security-focused review processes with automated dependency vulnerability scanning via Dependabot. Our CI/CD pipeline includes security audits on every push, and we maintain regular dependency updates.
Access Controls
We follow the principle of least privilege with strong authentication requirements for administrative access. Critical operations are audit logged, and production access is strictly limited to essential personnel.
Backup & Disaster Recovery
We provide automated encrypted backups with 7-day retention, allowing point-in-time recovery to any specific moment within your retention window. Backups are stored across multiple availability zones for resilience, built on reliable cloud infrastructure with high availability.
Compliance
Our infrastructure uses SOC 2 Type II certified hosting providers. We've designed our architecture with privacy principles from the ground up, following OWASP security guidelines and modern security best practices. We regularly review and update our security measures to address emerging threats.
Your Security Responsibilities
Security is a shared responsibility. We recommend enabling multi-factor authentication for all users, regularly reviewing access permissions, using strong unique passwords, and monitoring account activity. Keep integration credentials secure and rotate them regularly. If you suspect any security issues, report them immediately.
Security Contact
For security inquiries, vulnerability reports, or to request our detailed security documentation, please contact our team.
Email: team@filamentanalytics.com
We aim to respond to security inquiries within 24 hours. For general support or responsible disclosure of vulnerabilities, please contact us at the email above.
Last updated: August 2025. We regularly review and update our security practices to ensure your data remains protected against evolving threats.