Trust and Security at Dataiku

Dataiku is committed to providing security, privacy, and accessibility for our products and services. We implement best practices and industry standards based on the latest information and regulations. Our goal is to provide a product that our customers can trust.

Security

The most critical business assets of Dataiku are the information it collects, produces, transmits, processes and stores, particularly when this information is entrusted to Dataiku by our customers. Protecting this information to ensure security and availability while reducing associated risks and related impacts from incidents is prioritized by Dataiku. Dataiku has designed, implemented, and is actively maintaining an information security program to accomplish this objective.

We deliver Dataiku’s platform via two methods:

Self-Managed (On-Premise / Cloud Stacks)

Dataiku’s software is installed in our client’s cloud environment or in our client’s internal IT environment. By default, Dataiku, as a company, does not process or store our client’s data under this delivery method. Without explicit consent and action from our client, Dataiku personnel will not have access to our client’s data.

For more information regarding the Dataiku platform, please refer to https://doc.dataiku.com/dss/latest/.

For information on Dataiku security at the application level, please refer to https://doc.dataiku.com/dss/latest/security/index.html.

Dataiku Cloud (SaaS Offering)

Dataiku Cloud is Dataiku’s fully managed Software-as-a-Service solution. In this case, Dataiku will be providing a managed service, and specified controls are implemented to ensure security of the platform hosting client data. Unless access is needed for regular maintenance purposes, Dataiku will not access client data without explicit consent.

Dataiku also leverages existing security controls within the AWS infrastructure to provide services to our customers.

For more information regarding Dataiku Cloud, please refer to the Dataiku Cloud Risk and Security Practices.

Certifications & Memberships

Dataiku implements best practices and industry standards to achieve compliance with numerous leading information security certifications and authorizations. View our technical and regulatory certifications below.

  • ISO 27001 – Dataiku is ISO 27001:2022 certified, demonstrating that Dataiku has implemented and maintained an Information Security Management System (ISMS). The ISMS is the international gold standard of technical and administrative information security requirements involved in an organization’s risk management process. Download a copy of our certification here.
  • ISO 27701 – Dataiku is ISO 27701:2019 (data processor & data controller) certified, demonstrating that Dataiku has implemented and maintained a Privacy Information Management System (PIMS) for its data processing activities.
  • ISO 9001 – Dataiku is ISO 9001:2015 certified, demonstrating Dataiku’s commitment to delivering high-quality products and services and to meeting the needs of customers and applicable statutory and regulatory requirements. Download a copy of our certification here.
  • SOC 2 – Dataiku has completed a SOC 2 Type II assessment to assure our customers that internal controls are in place to protect their data. It contains our auditor’s evaluation of the design, implementation, and operating effectiveness of Dataiku’s internal controls based on the AICPA Trust Services Principles Criteria for Security. Please reach out to your account representative for a copy of our SOC 2 Type II report.
  • HIPAA – To support the compliance programs for our Healthcare / Life Sciences customers, Dataiku has voluntarily extended its Trust program to include a HIPAA (Health Insurance Portability and Accountability Act) compliance report. Our auditors provided their opinion on whether the information security program implemented to support Dataiku Cloud conformed to the applicable implementation specifications within the HIPAA Security Rule, and the HITECH breach notification requirements, as described in HIPAA Part 164 of CFR 45. Please reach out to your account representative for a copy of our latest HIPAA compliance report.
  • GxP – Dataiku is a GxP-compliant supplier with a number of healthcare and pharmaceutical clients. Dataiku is able to demonstrate to our clients that it meets industry-leading practices of quality and security to adhere to our clients’ Quality Management Systems (QMS).

To ensure Dataiku is up-to-date with the most current security best practices, Dataiku or its personnel are also part of the following international organizations.

  • Information Systems Audit and Control Association (ISACA) – Dataiku information security personnel hold numerous ISACA certifications and are active members of the ISACA community. Our personnel actively participate in knowledge sharing to enhance the current information security field.
  • International Information System Security Certification Consortium (ISC2) – Dataiku information security personnel hold numerous ISC2 certifications and are active members of the ISC2 community.

Privacy Program Overview

Dataiku has a privacy team, led by the Legal & Compliance team, consisting of legal, compliance, IT security, IT, engineering, and operations personnel, that governs and monitors the effectiveness of our privacy program. Privacy risks are evaluated regularly as part of Dataiku’s annual risk assessment exercise. Risks identified are addressed on a risk-based basis, communicated, and tracked internally with relevant teams within Dataiku. Our Privacy Policy highlights how Dataiku handles privacy within our company and our product. Our privacy team can be reached at [email protected].

Any breaches of personal data processed by Dataiku follow the internal incident management process, where an internal incident response team coordinates the response of the incident and engages subject matter experts as needed.

Dataiku also conducts mandatory data handling training during onboarding and annually as a part of its compliance training program to educate employees on handling procedures for personnel data. Personal data, if captured, is securely stored under industry-standard practices and is retained for a period limited to its necessity and per legal and regulatory requirements.

Dataiku is compliant with global data protection regulations, such as the GDPR and the CCPA.

Self-Managed (On-Premise / Cloud Stacks)

Dataiku clients can deploy the Dataiku platform on-premises or within their cloud tenant. Dataiku does not store, process, or access client content data with this deployment method. Clients decide the content data ingested into the Dataiku platform and can correct or delete the data as desired to serve the intended business needs.

Dataiku Cloud (SaaS Offering)

For Dataiku Cloud, Dataiku is a data processor. The Data Processing Addendum (“DPA”) is available for our customers’ reference for the protection and compliance procedures that Dataiku provides as required by applicable data privacy laws.

Our customers can choose the region where their content data is stored and decide what type of data should be ingested into Dataiku Cloud. The content data can be accessed, modified, and deleted anytime to serve the intended business needs.

Additionally, Dataiku Cloud provides multiple layers of security to protect our customers’ data, including controls already provided by AWS and additional controls performed by Dataiku. For more information regarding these controls, please refer to the Dataiku Cloud Risk and Security Practices.

Privacy Program Frequently Asked Questions 

For which purposes do we process personal information?

Dataiku only collects personal data to the extent necessary to fulfill a variety of purposes, such as:

  • Provide and support our website and services;

  • Verify accounts and activity;

  • Provide licenses or register you to use our Service;

  • Provide you with customer support for our Service;

  • Send you questionnaires and surveys that allow us to improve our Service;

  • Allow you to apply for positions at Dataiku;

  • Allow you to make a request for a demo of our Service;

  • Enable you to register for events organised by us and/or in collaboration with others;

  • Allow us to carry out obligations relating to any agreements entered into with Users and/or their companies;

  • Allow us to collect usage statistics for internal analytics relating to our Service in order to improve the Service and provide better support;

  • Notify you of changes to our Service and Websites; and

For more details, please check our Privacy Policy.

Who do we share personal data with?

Dataiku works with third-party providers with whom we might share your personal information, to the extent required, to provide our services. All Dataiku’s third-party providers who have access to personal data have adhered to strict data processing obligations, consistent with our services and in accordance with applicable laws and regulations.

Your personal data may be transferred to and stored by Dataiku, its affiliates, or its third-party providers, in countries outside the EEA.

Dataiku has taken steps to give personal data exported from the EEA the same level of protection as that set by the GDPR, by implementing technical and operational measures to ensure the integrity of your personal information.

What are your rights relating to your personal data?

Dataiku is committed to offering its customers transparency and control over their personal information. As a data subject, you have rights over your personal information and, when possible, you can request to view, correct, complete, delete or limit the personal information we hold about you.

Dataiku has an easy mechanism in place that allows you to contact us and choose what happens to your personal information.

How to exercise your rights?

If you wish to exercise your rights relating to your personal data, please contact us at [email protected]. When you contact us, please indicate what you would like us to do with the personal data we have about you (deletion, limitation, correction, etc.).

How to contact us?

If you have any questions concerning our privacy policies or how we treat your personal data, please email us at [email protected].

Accessibility

Dataiku is committed to making our product and services available to everyone. Dataiku recognizes the highly visual-oriented nature of the software. We continuously work to improve opportunities and access for people of all abilities, which includes exploring new product features that enable users to work with data. The Dataiku platform is currently partially compliant with WCAG 2.1A and benefits from browser accessibility features as a web-based application. The platform also offers visual-oriented capabilities, such as restrictions from time-based functionality, complex gestures, and keyboard shortcuts for more convenient navigation. Dataiku undergoes regular accessibility assessment and incorporates accessibility-related concerns when prioritizing and designing new features and functionalities.

Accessibility in DSS 

The Dataiku platform provides the following accessibility features:

Using DSS with a screen reader 

The Dataiku platform can be used with a screen reader, such as VoiceOver. VoiceOver is a third-party product, and users are responsible for obtaining their own license for the screen reader.

Resources

Dataiku Master License Agreement (on-prem)

Dataiku Cloud Terms (SaaS)

Dataiku Data Processing Addendum (SaaS)

Dataiku Privacy Policy 

Dataiku Cloud Risk and Security Practices

Dataiku Product Documentation

Dataiku Security Documentation