Link Search Menu Expand Document

Data security and privacy

Soda works in several ways to ensure your data and systems remain private.

Making secure connections

Installed in your environment, you use the Soda SQL command-line tool to securely connect to a data source using environment variables to store login credentials.

You can also connect to a data source in Soda Cloud. Soda Cloud stores your login credentials securely in our database; passwords are encrypted and can only be read by the components of Soda SQL that connect to perform scans of your data.

To communicate with your data source, Soda Cloud uses a Network Address Translation (NAT) gateway with the IP address 54.78.91.111. You may wish to add this IP address to your data source’s passlist.

Single sign-on with Soda Cloud

Organizations that use a SAML 2.0 single sign-on (SSO) identity provider can add Soda Cloud as a service provider. Once added, employees of the organization can gain authorized and authenticated access to the organization’s Soda Cloud account by successfully logging in to their SSO. See Single sign-on with Soda Cloud for details.

Sending data to Soda Cloud

Soda SQL uses a secure API to connect to Soda Cloud. When it completes a scan, it pushes the scan results to your Soda Cloud account where you can log in and examine the details in the web application.

Notably, your Soda Cloud account does not store the raw data that Soda SQL scans. Soda SQL pushes metadata to Soda Cloud; by default all your data stays inside your private network.

Soda Cloud does store the following:

  • metadata, such as column names
  • aggregated metrics, such as averages
  • sample rows and failed rows, if you explicitly set up your configuration to send this data to Soda Cloud

Where your datasets contain sensitive data or private information, you may not want to send sample data from your data source to Soda Cloud. In such a circumstance, you can disable the samples feature entirely in Soda Cloud.

If you use Soda SQL to programmatically schedule scans of individual datasets, you can configure Soda SQL to send a dataset’s samples or failed row samples to a secure location within your organization’s infrastructure, such as an Amazon S3 bucket or Google Big Query. Refer to Reroute sample data and Reroute failed row samples for details.

Read more about Soda’s Privacy Policy.

Compliance and reporting

In September 2021, an independent review of Soda’s source code was conducted and the result indicated that the code is sound.

As a result of an independent review in September 2021, Soda has been found to be SOCII Type 1 compliant. Soda is scheduled for SOCII Type 2 accreditation as soon as the minimum time interval from Type 1 accreditation has elapsed. Contact support@soda.io for more information.


Last modified on 18-Oct-21

Was this documentation helpful?
Give us your feedback in the #soda-docs channel in the Soda community on Slack or open an issue in GitHub.