Committed to CDP Security, Privacy, and Responsible AI
You don’t compromise on your customers’ data security and privacy, and neither do we. Built on a foundation of trust, our platform stands up to the toughest CISO scrutiny.
Compliance
SOC 2 Type 2
Treasure Data undergoes an annual SOC 2 Type 2 audit covering the Security, Confidentiality, Availability, and Processing Integrity (PI) Trust Services Criteria (TSC).
SOC 3
Treasure Data undergoes an annual SOC 3 Type 2 audit covering the Security, Confidentiality, Availability, and Processing Integrity (PI) Trust Services Criteria (TSC).
ISO/IEC 27001
Treasure Data undergoes an annual ISO/IEC 27001:2022 certification audit over the ISMS that governs the Treasure Data CDP.
ISO 27701
Treasure Data undergoes an annual ISO/IEC 27701:2019 certification audit over the PIMS that governs the Treasure Data CDP.
ISO/IEC 27017
Treasure Data undergoes an annual ISO/IEC 27017:2015 certification audit over the ISMS that governs the Treasure Data CDP.
ISO/IEC 27018
Treasure Data undergoes an annual ISO/IEC 27018:2019 certification audit over the ISMS that governs the Treasure Data CDP.
HIPAA Type 2
HIPAA compliance ensures that Treasure Data protects the confidentiality, integrity, and security of ePHI for our healthcare and life sciences customers. Treasure Data undergoes an annual HIPAA Type 2 audit to verify all HIPAA Security Rule requirements are addressed and operating effectively.
CSA STAR Level 1
CSA STAR Level 1 is a self-attestation intended for Cloud Service Providers (CSPs) that validates Treasure Data’s use of industry-leading best practices to secure data in our CDP.
TRUSTe Responsible AI Certification
This AI certification is focused on privacy and data protection. It demonstrates Treasure Data’s commitment to the development of AI services according to responsible AI principles. Its scope includes Treasure Data Audience Agent and AI Agent Foundry.
STAR for AI Level 1
CSA STAR Level 1 is a self-assessment that contains 243 control objectives distributed across 18 security domains. It maps to leading standards, including ISO 42001, ISO 27001, NIST AI RMF 1.0, and BSI AIC4, and guides us to develop, implement, and operate AI technologies in a secure and responsible manner.
Privacy Mark
Treasure Data undergoes annual PrivacyMark compliance audits. PrivacyMark is a privacy-centric certification in Japan that focuses on enhancing consumers’ awareness of personally identifiable information (PII) protections. The requirements are based on JISQ standards and are governed by JIPDEC (Japan Institute for Promotion of Digital Economy and Community). PrivacyMark is viewed as the Japanese equivalent of ISO/IEC 27001.
FISC
Treasure Data has developed a guide to help our customers understand how our control environment aligns with the Center for Financial Industry Information Systems (FISC) guidelines. Many of the controls outlined in our guide are already implemented as part of existing third-party audited compliance offerings, such as our ISO/IEC 27001 certification and SOC 2 Type 2 report.
Platform security
Customer data encryption
Data in transit is encrypted while traversing public networks, following NIST guidelines. Data at rest is encrypted using at least AES-256. Treasure Data leverages AWS KMS for key storage and management. Keys are rotated at least annually.
Customer data protections
Customer accounts are separated using logical segmentation measures. Treasure Data customers manage end-user access to the CDP. Audit logs are available within the CDP for customers’ required monitoring. A Privileged Access Management (PAM) tool is in place for Treasure Data’s administrative access to the underlying infrastructure and services.
API security
REST API access is controlled through API keys managed by the customer. Every call needs to be issued with a valid API key for authentication and resource authorization purposes.
Service availability
A status uptime page is available for customer monitoring. Customers can also subscribe to real-time incident notifications.
Penetration testing
Annual penetration tests are conducted on the in-scope external network, web application, and API endpoints. Internal Red Team activities are also conducted ad hoc throughout the year.
Security monitoring and response
Treasure Data’s administrative activity within the infrastructure is ingested and monitored within Treasure Data’s Security Incident Event Monitoring (SIEM) tool. Follow-the-sun coverage is in place to monitor SIEM alerts and activity.
Shared security model
Data localization
All infrastructure and storage services run within regional AWS data centers and leverage multiple Availability Zones. Treasure Data uses the following AWS regions:
- US East (Northern Virginia)
- US West (Oregon)
- Europe (Frankfurt)
- Asia Pacific (Tokyo)
- Asia Pacific (Seoul)
Beyond compliance: Our approach to security
Consumer data is gold and should be as safe and secure as any precious material.
Learn about how our comprehensive approach to security and privacy goes beyond compliance, helping global brands gain trust and see business value.
A CDP built on trust
All great experiences come down to trust. Do your customers trust you with their data? With Treasure Data, you have the tools and processes needed to ensure that every experience is built on a bedrock of trust that your customers demand.
FAQs
Yes, Treasure Data engages with a variety of vendors defined as subprocessors. Learn more.
Yes. Download the report.
Yes. Download the report.
Yes, download a whitepaper about Treasure Data and HIPAA compliance.
Treasure Data values the security of its customers and is committed to ensuring that its systems and products are secure. We invite all bug bounty researchers to join our efforts in identifying and reporting vulnerabilities in our systems.
Submit your findings to our dedicated bug bounty email address (vulnerabilities@treasure-data.com) and help us keep Treasure Data secure. Let’s work together to make the Internet a safer place!
Yes, you can learn more about all the regulations with which Treasure Data is compliant by visiting our Trust & Security Center.
Treasure Data is committed to ethical AI innovation, user trust, and safe, fair, and reliable technologies. This includes implementing strict security measures such as AES-256 encryption, fine-grained access controls, continuous threat detection, and automated vulnerability scanning. Employees are restricted from direct access to customer data, ensuring both privacy and compliance.
Learn more about Responsible AI at Treasure Data.