How We Protect Your Data

Dedicated per-client infrastructure

Every client gets their own isolated Snowflake account. Your data never shares infrastructure with another company — no multi-tenant data warehouse, no shared schemas. What's yours is only yours.

Credential management

All client credentials and API keys are stored in AWS Secrets Manager. Nothing is hardcoded, nothing lives in config files, and nothing is ever committed to version control. Secrets rotate on a defined schedule and access is logged.

Data pipeline integrity

All data models are version-controlled in GitHub and deployed via CI/CD. Every pipeline run is validated — schema tests, freshness checks, referential integrity. Failures alert before they reach your reporting layer. You never see bad data silently.

AI access controls

Claude MCP connections are scoped per client. Each client can only query their own Snowflake account — there is no cross-client data access, by design. Within your organization, role-based access ensures finance sees finance data, ops sees ops data. Access is provisioned and documented as part of onboarding.

Monitoring and incident response

Pipelines are monitored continuously. Anomalies — data gaps, schema drift, freshness failures — trigger automated alerts to the StatLogic team before they affect your dashboards or AI queries. SLA commitments are defined per engagement in your SOW.

Encryption

Data in transit is encrypted via TLS. Data at rest is encrypted using Snowflake's native AES-256 encryption. There is no unencrypted path to your data.