Security

We take data security and privacy very seriously at Winterface. We use industry-leading security best practices when connecting to and displaying your information.

Encryption

All data (including credentials, metadata, and ephemeral data) is encrypted at rest either directly or with an encryption key stored in a key management system managed by our cloud provider.

Additionally, all connections between clients, servers, and Snowflake are encrypted by default using industry-standard TLS 1.2 or greater.

Snowflake Permissions

Our recommended deployment gives the Winterface user and role only CREATE permissions in a segregated database. You can grant additional permissions to the supporting role; these rely entirely on Snowflake's robust RBAC model. You can also further restrict users' access by granting less-privileged Snowflake roles to the Winterface role and assigning that role as the default for those users in Winterface.

Data Retention

All customer data, except what is listed below, is removed from Winterface systems within 48 hours by automated lifecycle management policies. The only data retained is what is absolutely necessary to provide the Winterface service. This consists entirely of:

  • Snowflake Credentials - Winterface retains Snowflake connection information for the purpose of interfacing with the Snowflake system. All connection information is stored securely in a key management system managed by our cloud provider.
  • Customer Metadata - Winterface retains metadata such as table names and column names/data types so that they can be displayed to users and used to quickly query data within Snowflake.
  • Ephemeral Data - While uploading files or preparing files for download, data will be temporarily stored in encrypted object storage until the operations around that file can be completed. The data is encrypted using keys stored securely in a key management system managed by our cloud provider. This data is removed from Winterface systems within 48 hours by automated lifecycle management policies.

Company Policies

  • Winterface requires all employees to comply with documented security policies, which are reviewed on a regular basis.
  • All systems require stringent password controls and two-factor authentication for access.
  • Production environments cannot be modified without an automatically enforced multi-stage review process.
  • All code is deployed using continuous integration/continuous deployment after the review process is complete.
  • In the event of a data breach (none to date), it is our policy to inform customers as soon as the breach is confirmed.

Vulnerability Reporting

Despite our best efforts to keep our systems secure, vulnerabilities are always a possibility.

If you have discovered a potential security vulnerability, please send our security team (privacy@winterface.io) the information needed to recreate the issue.