Updated 6 days ago
Fivetran is committed to providing a robust security and privacy program that protects each customer's information that is used and processed by Fivetran for providing our products and services. The following security documentation describes the administrative, physical, and technical safeguards Fivetran maintains for protecting the security, confidentiality, and integrity of Customer Data while connecting, replicating, and loading data from all your data sources. To learn about Fivetran security in detail, see our security white paper. Any terms that are used but not defined herein shall have the meanings assigned to them in the Fivetran Master Subscription Agreement.
Contact firstname.lastname@example.org if you have any questions or comments.
Web portal connectivity
- All connections to Fivetran's web portal are encrypted by default using industry-standard cryptographic protocols (TLS 1.2+).
- Any attempt to connect over an unencrypted channel (HTTP) is redirected to an encrypted channel (HTTPS).
- To use HTTPS, your browser must support encryption (all versions of Google Chrome, Firefox, and Safari do).
- Connections to customers' database sources and destinations are SSL encrypted by default.
- Fivetran can support multiple connectivity channels.
- Connections to customers' software-as-a-service (SaaS) tool sources are encrypted through HTTPS.
- Databases and API cloud applications - Fivetran only requires READ permissions. For data sources that by default grant permissions beyond read-only, Fivetran will never make use of those permissions.
- Destinations - Fivetran requires the CREATE permission. This permission allows Fivetran to CREATE a schema within your destination, CREATE tables within that schema, and WRITE to those tables. Fivetran is then able to READ only the data it has written.
Retention of customer data
How long we retain customer data depends on the data type:
| Customer Data Type | Retention Period | Note |
|---|---|---|
| Customer data | < 8 hours (usually) | We purge customer data as soon as it is successfully written to the destination, except in the cases below. |
| Temporary data | < 24 hours (usually) | Some data integration or replication processes require ephemeral data specific to a data source (for example, binary logs for MySQL or event streams for Asana). We delete this data as soon as possible, though that may take more than 24 hours in rare cases. |
| Event data from the Webhooks connector and other connectors using webhooks | Varies | If you sync webhooks or event data, we retain that data for a limited time so that it can be re-synced if needed. To find the data retention period for your connector type, see our Events documentation. |
| Customer access keys | Persistent | We retain customer database credentials and SaaS OAuth tokens to securely and continuously extract data and troubleshoot customer issues. These credentials are securely stored in a key management system, which is backed by a hardware security module managed by our cloud provider. |
| Customer metadata | Persistent | We retain configuration details and data points (such as table and column names) for each connector so that this information can be displayed in your Fivetran dashboard. |
| Email attachments collected by Email connector | Persistent | The Email connector collects email attachments. We back up and permanently store these attachments in an internal S3 bucket so that they can be re-synced if needed. |
In the following two cases, customer data is purged as soon as it is successfully written to the destination. If the data writing process takes longer than usual, the data is automatically purged after 30 days using object lifecycle management:
- Destination outage: If your destination is down, we maintain the data that we've read from your source so we can resume the sync without losing progress once the issue is resolved.
- Schema information for column blocking or hashing purposes: If you choose to block or hash columns before running the initial sync for your new connector, we query your data source and cache your data while we fetch the full schema. We write to the destination only the data you selected as tables and columns from the fully fetched schema and only when you approved the selection.
Access to Fivetran production infrastructure is only allowed via hardened bastion hosts, which require an active account protected by MFA (multi-factor authentication) to authenticate. Further access to the environment and enforcement of least privilege is controlled by IAM (identity and access management) policies. Privileged actions taken from bastion hosts are captured in audit logs for review and anomalous behavior detection.
Physical and environmental safeguards
Physical and environmental security is handled entirely by our cloud service providers. Each of our cloud service providers provides an extensive list of compliance and regulatory assurances, including SOC 1/2-3, PCI-DSS, and ISO27001.
Fivetran data residency
Fivetran runs data connectors on servers in the United States (US), Canada, European Union (EU), United Kingdom (UK), Australia, Singapore, India, Japan, Indonesia, and the Middle East. You can select your preferred data processing location when configuring your destination. All connectors configured in a destination run in the destination's designated location. This means that in most cases, your data will not leave our region-specific servers during processing. For example, if you configure your destination to use our EU servers, your data will not leave the EU during processing. See our destination documentation to learn how to configure your data processing location.
The exception to this rule is connectors that sync webhooks and event data. By default, we store that event data in a cloud storage service in one of the following data processing locations:
- the EU location - for destinations run in the EU location
- the UK location - for destinations run in the UK location
- the US location - for all other destinations
Fivetran runs our services on Google Cloud Platform (GCP), Amazon Web Services (AWS), and Azure. The following table lists regions supported by Fivetran for each service provider:
| Geography | GCP Regions | AWS Regions | Azure Regions |
|---|---|---|---|
| US | us-east4 (N. Virginia)* | us-east-1 (N. Virginia)*, us-gov-west-1 (GovCloud US West) | eastus2 (Virginia)* |
| UK | europe-west2 (London) | eu-west-2 (London) | uksouth (London) |
| EU | europe-west3 (Frankfurt) | eu-central-1 (Frankfurt)* | |
| Canada | northamerica-northeast1 (Montréal) | ca-central-1 (Montréal) | canadacentral (Toronto) |
| Australia | australia-southeast1 (Sydney) | ap-southeast-2 (Sydney) | australiaeast (Sydney) |
| Singapore | asia-southeast1 (Singapore) | ap-southeast-1 (Singapore) | southeastasia (Singapore) |
| India | asia-south1 (Mumbai) | ap-south-1 (Mumbai) | |
| Japan | asia-northeast1 (Tokyo) | ap-northeast-1 (Tokyo) | |
| Middle East | | | uaenorth (Dubai) |
*NOTE: Default region for a given cloud provider / geography combination.
IMPORTANT: Google Cloud Platform is the default cloud service provider. Google Cloud Platform is your only cloud service provider if you're on a Starter, Standard, or Free plan. You can select a different cloud service provider if you are on an Enterprise or Business Critical plan.
Regardless of the plan you use, you can select the geography when creating a destination. If you are on an Enterprise or Business Critical plan, you also can select the cloud service provider. Lastly, if you are on a Business Critical plan and select GCP or AWS as a cloud service provider, you can select a cloud region.
NOTE: For some cloud providers and geographies, there is only one region available.
|Plan||Choice of Geography||Choice of Service Provider||Choice of Cloud Region|
IMPORTANT: You need to safelist the corresponding Fivetran IPs in your firewall for the geography and region you selected for your destination.
Your organization permissions
- Users can use Single Sign-On with SAML 2.0. See the list of identity providers officially supported by Fivetran.
- Only users of your organization registered within Fivetran and Fivetran operations staff have access to your organization's Fivetran dashboard.
- Your organization's Fivetran Dashboard provides visibility into the status of each integration, the aforementioned metadata for each integration, and the ability to pause or delete the integration connection - not organization data.
- Organization administrators can request that Fivetran revoke an organization member's access at any point; these requests will be honored within 24 hours or less.
- Fivetran requires that all employees comply with security policies designed to keep any and all customer information safe, and address multiple security compliance standards, rules and regulations.
- Two-factor authentication and strong password controls are required for administrative access to systems.
- Security policies and procedures are documented and reviewed on a regular basis.
- Current and future development follows industry-standard secure coding guidelines, such as those recommended by OWASP.
- Networks are strictly segregated according to security level. Modern, restrictive firewalls protect all connections between networks.
Compliance and privacy
- Fivetran regularly (annually) undergoes its own, independent SSAE18/SOC1 and AT101/SOC2 audit (Security, Availability, and Confidentiality criteria), and the report is made available under NDA to all existing and prospective customers by request.
- Fivetran maintains an Information Security Management System (ISMS) that complies with the requirements of ISO 27001. ISO/IEC 27001 certification applies to the overall Fivetran infrastructure and all products.
- Fivetran, in its potential role as data subprocessor, adheres to the principles of the EU94/95 privacy rules as well as the upcoming GDPR rules when they are in effect.
- For all compliance reports and security/privacy document requests, visit Fivetran's Trust Center.
Under the HIPAA Security Rule, Fivetran does comply with HIPAA requirements for Protected Health Information (PHI) and will sign a Business Associate Agreement (BAA) with customers who are subject to HIPAA mandates (typically, HIPAA covered entities). Fivetran is not a covered entity under HIPAA rules, and therefore cannot be "HIPAA compliant", since HIPAA itself applies to covered entities (that is, those entities that are subject to regulation by the HHS). Fivetran serves as a data pipeline, which means that PHI traversing the Fivetran environment is never permanently stored. All transmissions are encrypted using industry best practices (at present, TLS 1.2+). Temporary storage may occur when the amount of data transmitted exceeds the capacity for real-time processing, and as a result, requires short-term caching. Such temporary storage is encrypted. All customer data, including PHI, is purged from Fivetran's system as soon as it is successfully written to the destination.
In the event of a data breach
To date, Fivetran has not experienced a breach in security of any kind. In the event of such an occurrence, Fivetran protocol is such that customers would be made aware as soon as the compromise is confirmed.
Responsible disclosure policy
At Fivetran, we are committed to keeping our systems, data and product(s) secure. Despite the measures we take, security vulnerabilities will always be possible.
If you believe you’ve found a security vulnerability, please send it to us by emailing email@example.com. Please include the following details with your report:
- Description of the location and potential impact of the vulnerability
- A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and compressed screen captures are all helpful to us)
Please make a good faith effort to avoid privacy violations as well as destruction, interruption or segregation of services and/or data.
We will respond to your report within 5 business days of receipt. If you have followed the above instructions, we will not take any legal action against you regarding the report.
Diagnostic data access
IMPORTANT: Fivetran cannot access your data without your approval.
When working on a support ticket, we may need to access your data to troubleshoot or fix your broken connector or destination. In that case, we will ask you to grant Fivetran access to your data for the next 21 days. You can allow or deny data access. If you grant us data access, you can revoke it at any moment before the 21-day diagnostic period has expired.
See our getting support documentation for more details.