Security & Data Protection

At Filament, we understand that your business data is your most valuable asset. Our platform is built from the ground up with security, privacy, and data isolation as fundamental principles.

Platform Architecture

Filament operates as a managed analytics platform that connects your business applications and synchronizes data to dedicated, isolated data warehouses. Our architecture ensures complete data separation between customers while providing powerful analytics capabilities.

Each organization receives a completely isolated PostgreSQL database provisioned in the region of your choosing. Your ELT pipelines run over secure, encrypted channels to synchronize data from connected applications. All dashboard access requires authentication through our secure web application.

Dedicated database per customer
Encrypted ELT pipelines
Regional data residency

Data Isolation & Regional Residency

Your data security starts with complete isolation. Every customer organization receives a dedicated PostgreSQL database that is completely separate from other customers.

You choose where your data lives. We provision your database in the region you select: US, EU, or Australia. Your data remains exclusively in your chosen region.

Database-level separation
Regional data residency
Complete query isolation

Authentication & Access Control

We implement enterprise-grade authentication with comprehensive support for email/password authentication, social sign-on providers (including Google, GitHub, Apple, and more), and advanced security features for seamless and secure access.

All API endpoints require authentication. Our authentication system provides robust session management with secure cookie handling, configurable session timeouts, and built-in protection against session fixation and CSRF attacks. The platform includes support for multi-factor authentication and rate limiting to protect against brute force attacks.

Social providers & MFA
Authenticated APIs
Secure session management
CSRF & session protection
Rate limiting protection

Data Encryption

Your data is protected using industry-standard encryption at every stage of its lifecycle.

In Transit

All data transmissions use TLS 1.2+ encryption, including API calls, webhook payloads, and browser connections

At Rest

Database encryption using AES-256, with encrypted backups and secure key management

Integration Credentials

OAuth tokens and API keys are encrypted with AES-256-CBC before database storage

TLS 1.2+ in transit
AES-256 at rest
Encrypted credentials

Infrastructure Security

Our infrastructure is built on SOC 2 Type II certified providers. Vercel provides our compute layer with enterprise-grade DDoS protection, automatically mitigating L3, L4, and L7 attacks at the platform level. Neon powers our database infrastructure with automatic scaling that adapts to demand, ensuring consistent performance and availability.

Security patching and dependency updates are automated through our CI/CD pipeline with Dependabot continuously scanning for vulnerabilities. Real-time application monitoring tracks errors, performance metrics, and anomalies to detect potential security events before they impact operations.

SOC 2 Type II hosting
Application DDoS protection
Auto-scaling databases
Automated patching

Data Processing & Privacy

We follow data minimization principles, only collecting and processing what's necessary for providing our analytics services. Your data is used exclusively for generating insights and analytics — we never sell, share, or disclose it to third parties for marketing purposes.

Data deletion is available upon request following account termination. We support standard privacy rights including data access, rectification, and deletion requests.

Data minimization
No data selling
Deletion on request

AI Training & Data Usage

Your data remains yours alone. We do not use your data to train, improve, or develop AI models. Our AI providers, including Anthropic, do not train on your data when processed through our platform.

All AI interactions with your data are ephemeral and transient — queries and analytics remain completely isolated within your organization's context and are used solely to generate insights for your immediate business needs.

No AI training on your data
Ephemeral processing
Isolated context

Operational Security

Our development and operational practices ensure continuous security through multiple layers of protection.

Development Security

Code goes through security-focused review processes with automated dependency vulnerability scanning via Dependabot. Our CI/CD pipeline includes security audits on every push, and we maintain regular dependency updates.

Access Controls

We follow the principle of least privilege with strong authentication requirements for administrative access. Critical operations are audit logged, and production access is strictly limited to essential personnel.

Code review process
Dependabot scanning
CI/CD security audits
Audit logging

Backup & Disaster Recovery

We provide automated encrypted backups with point-in-time recovery capabilities. Our platform database maintains 7-day backup retention for all user configurations, dashboards, and metadata. Customer warehouse databases include 1-day backup retention with continuous replication. Longer backup options are available on Enterprise plans.

All backups are encrypted and stored across multiple availability zones for resilience.

Point-in-time recovery
Multi-AZ storage
Encrypted backups
Automatic failover

Compliance & Standards

Our infrastructure is built on SOC 2 Type II certified hosting providers (Vercel and Neon), giving you confidence in our operational security controls. We've designed our architecture with privacy principles from the ground up, following OWASP security guidelines and modern security best practices.

While we are not yet SOC 2 certified ourselves, our architecture leverages certified infrastructure providers and implements industry-standard security controls including encryption at rest and in transit, comprehensive audit logging, role-based access controls, and regular security reviews. We regularly review and update our security measures to address emerging threats.

SOC 2 Type II infrastructure
OWASP guidelines
Privacy by design

Your Security Responsibilities

Security is a shared responsibility. We recommend enabling multi-factor authentication for all users, regularly reviewing access permissions, using strong unique passwords, and monitoring account activity. Keep integration credentials secure and rotate them regularly. If you suspect any security issues, report them immediately.

Security Contact

For security inquiries, vulnerability reports, or to request our detailed security documentation, please contact our team.

Email: team@filamentanalytics.com

We aim to respond to security inquiries within 24 hours. For general support or responsible disclosure of vulnerabilities, please contact us at the email above.

Last updated: August 2025. We regularly review and update our security practices to ensure your data remains protected against evolving threats.
