We Value Your Data Security

Trust & Security

Every decision we make is rooted in our values—humility and responsibility. From our processes, behaviors, and down to every level of infrastructure, we make no compromises when it comes to our customers’ data security. To learn more about Treasure Data security controls, visit our Trust and Security Center to view our security documentation, white papers, request compliance certifications (ISO, SOC2), and more.

Review Security Documentation


Treasure Data maintains an array of compliance certifications and attestations to affirm our commitment to data security for our customers. To learn more about Treasure Data Compliance, click through each tile below.

SOC 2 Type 2

Treasure Data undergoes an annual SOC 2 Type 2 audit covering the Security, Confidentiality, and Availability Trust Services Criteria.

Get a copy


Treasure Data undergoes an annual SOC 3 Type 2 audit covering the Security, Confidentiality, and Availability Trust Services Criteria.

Get a copy

ISO/IEC 27001

Treasure Data undergoes an annual ISO/IEC 27001:2013 certification audit over the ISMS that governs the Treasure Data CDP.

Get a copy

HIPAA Type 2

HIPAA compliance ensures that Treasure Data protects the confidentiality, integrity, and security of ePHI for our healthcare and life sciences customers. Treasure Data undergoes an annual HIPAA Type 2 audit to verify all HIPAA Security Rule requirements are addressed and operating effectively.

Get audit report | Read white paper

CSA STAR Level 1

CSA Star Level 1 is a self attestation intended for Cloud Service Providers (CSPs) that validates Treasure Data’s use of industry-leading best practices to secure data in our CDP.

Get a copy

Privacy Mark

Treasure Data undergoes annual PrivacyMark compliance audits. PrivacyMark is a privacy-centric certification in Japan that focuses on enhancing consumers' awareness of personally identifiable information (PII) protections. The requirements are based on JISQ standards and are governed by JIPDEC (Japan Institute for Promotion of Digital Economy and Community). PrivacyMark is viewed as the Japan equivalent of the ISO/IEC 27001.

Get a copy


Treasure Data has developed a guide to help our customers understand how our control environment aligns with the Center for Financial Industry Information Systems (FISC) guidelines. Many of the controls outlined in our guide are already implemented as part of existing third-party audited compliance offerings, such as our ISO/IEC 27001 certification and SOC 2 Type 2 report.

Get a copy

Platform Security

Customer Data Encryption
Customer Data Protections
API Security
Service Availability
Penetration Testing
Security Monitoring and Response

Shared Security Model

The following shared model indicates which control domains are owned by the customer, Treasure Data, and Treasure Data’s Infrastructure as a Service (IaaS) provider. Treasure Data is responsible for protecting the underlying infrastructure that runs the CDP; the customer is responsible for controlling the CDP.

Shared Security Model
Shared Security Model

Data Localization

All infrastructure and storage services run within regional AWS data centers and leverage multiple Availability Zones. Treasure Data uses the following AWS regions:

  • US East (Northern Virginia)
  • US West (Oregon)
  • Europe (Frankfurt)
  • Asia Pacific (Tokyo)
  • Asia Pacific (Seoul)

Datacenter Locations

Frequently Asked Questions

Yes, Treasure Data engages with a variety of vendors defined as subprocessors.

Learn more

Yes, you can download Treasure Data’s most recent SOC 2 Type 2 report.

Download the report

Yes, you can request a copy of Treasure Data’s most penetration testing report.

Download The Report

Yes, click here to download a white paper about Treasure Data and HIPAA compliance.

Read the White Paper

Treasure Data values the security of its customers and is committed to ensuring that the systems and products are secure. We invite all bug bounty researchers to join our efforts in identifying and reporting vulnerabilities in our systems.

Submit your findings to our dedicated bug bounty email address (vulnerabilities@treasuredata.com) and help us keep Treasure Data secure. Let’s work together to make the Internet a safer place!

Yes, you can learn more about all the regulations in which Treasure Data is compliant by visiting our Privacy Compliance page.

Learn More
Trust for CDP

Trust for CDP

Treasure Data does more than just data security. Our CDP comes with privacy and governance features like PII Hiding, policy-based permissions, and consent management. Click below to learn more about Trust for CDP.

Learn More About Trust for CDP

Talk with our experts

Still have questions about data security with Treasure Data? Let us connect you with one of our experts.

Consult an Expert

Boost your skills and credibility with Treasure Data's professional certifications.

Expand Your Knowledge