Comment on page
Security & Compliance
Your privacy and security is our top priority. Check out this document to find see how serious we are about it.
From day one, Select Star was designed with data security and confidentiality in mind. As a data discovery platform that’s designed to consume metadata from multiple sources, Select Star applies the highest standards for secure data management and confidentiality protection for its users. Also, we believe it is our responsibility to be transparent with how we operate and govern our data collection and processing.
Select Star does not access your data values or run queries against your data. Select Star's access and data processing is restricted to system metadata and query logs only. When connecting to your data sources, we recommend creating a dedicated service account for Select Star with metadata-only roles and permissions as defined in our docs.
Although we do not have read access to your data values, sometimes Select Star and its users may be exposed to sensitive data. This can happen if a user-executed query Select Star has ingested exposes sensitive data values. For example, Select Star may ingest a query that was executed as “select * from Users where ssn=’123-45-5678’”.
To prevent this type of scenario, we recommend our customers tag their sensitive columns as “PII”. Once a column is tagged as PII, Select Star will remove any value from the query log before the query gets saved in Select Star for processing.
This way, no sensitive data values are transferred to Select Star and no organization user will encounter queries containing potentially sensitive values.
Select Star has completed SOC 2 Type II audit exam in Security, Confidentiality, and Availability criteria in May 2022.
SOC 2 is a Service and Organization Control (SOC) governance framework developed by the American Institute of CPAs (AICPA) on storing of private business and customer information by third-party service providers. SOC 2 specifically relates to data security for companies that store client information on cloud-based servers, and hence relevant for Software as a Service (SaaS) providers like Select Star.
Independent auditors use the SOC 2 framework to validate a company’s systems and controls with respect to information security. Upon completion of the audit and a thorough review of the evidence, the auditor issues a SOC 2 report detailing its findings and attestation on the company’s security controls related to areas such as:
- Data encryption (in transit and at rest)
- Third-party penetration testing
- Least-privilege access controls
- Audit logging
- Endpoint monitoring
- Internal corporate governance & policies
- Risk management processes
- Regulatory oversight
SOC 2 has more than 200 of these requirements and mandates long-term policy and procedures to better secure customer information through tightened internal control.
Select Star has completed SOC 2 Type II audit in Security, Confidentiality, and Availability criteria since May 2021. SOC 2 Type II audit requires all the controls and systems are effective over a designated period of time, and hence the SOC 2 Type II audit report provides a guarantee that there are organizational practices already running in place to safeguard the privacy and security of all customer information.
SOC 2 Type II audit report, 3rd party pentest report, and summary of technical and organizational security measures for Select Star are all available upon request under MNDA.
All customer data will be deleted either upon request or automatically following a termination or cancellation of a Select Star account. It may take up to 10 business days to complete the deletion.
Select Star users with an admin role can also remove a Data Source in Select Star application at any time. This will delete all of its metadata, query logs, and any user-created or Select Star-created metadata (i.e., description, comments, tags, popularity, lineage) from the Select Star application.
All customer data deletion is permanent. Once deleted, customer data cannot be restored.
Select Star uses Amazon Web Services (AWS) to host its cloud infrastructure. AWS is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality to help us continue to grow with our customers.
AWS security and operational processes for its network and infrastructure services are documented in here: Amazon Web Services: Overview of Security Processes. This document includes an overview of AWS’s data centre controls, including:
- Physical and Environmental Security
- Fire Detection and Suppression
- Climate and Temperature
- Storage Device Decommissioning
- AWS uses the techniques detailed in NIST 800-88 (“Guidelines for Media Sanitization”) as part of the decommissioning process.
- Amazon’s infrastructure fault tolerant design
- Core applications are deployed in an N+1 configuration, so that in the event of a data center failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Customers can obtain further details of AWS’ compliance and security position via their website at: