Data Security in DataStori
DataStori uses a hybrid execution model that separates pipeline orchestration from data execution. The orchestration layer runs in DataStori's cloud, but your data never leaves your own environment. This architecture ensures full data sovereignty for organizations focused on privacy, compliance, and security.
What Is the Hybrid Execution Model?
DataStori operates using a hybrid execution model that separates control from execution. The DataStori web application manages and orchestrates the pipelines, while the actual pipeline execution and data storage takes place entirely within your own cloud environment. This ensures that your data remains inside your IT infrastructure at all times.
How Does Pipeline Execution Work in Your Cloud?
When a pipeline is triggered, DataStori sends only the necessary instructions, code, and credentials to your cloud environment. It then provisions the required compute and infrastructure to execute the pipeline on your behalf.
DataStori never sees your data. Its access is limited to provisioning and orchestrating compute resources — it cannot read, write, or access the actual data flowing through your pipeline.
Why Does Data Never Leave Your Environment?
Once the infrastructure is live, your data flows securely between your cloud storage and business applications without ever passing through DataStori servers. DataStori's role is limited to monitoring pipeline progress (success, failure, or retries) and providing visibility into execution status.
Because execution takes place in your cloud:
- Your data never leaves your environment
- You maintain full control over governance and access policies
- Deployments are supported across AWS, Azure, or GCP in any region
What Data Security Features Does DataStori Provide?
DataStori provides advanced security features that help you meet regulatory and compliance requirements. These tools are valuable in compliance-heavy industries such as finance, healthcare, and insurance.
Selective Column Output
Include only the necessary columns in your final dataset to minimize data exposure.
Column-Level Encryption
Encrypt sensitive or personally identifiable information (PII) before writing it to your data warehouse.
Customer-Managed Keys and Client-Side Encryption
Organizations in regulated sectors use DataStori's granular controls to build secure, audit-ready data pipelines while keeping their data fully protected within their own infrastructure.
How Is the DataStori Application Itself Secured?
The DataStori web application is SOC 2 Type 2 compliant and employs best practices recommended by AWS. API tokens are encrypted with AES-256, multi-factor authentication is enforced, and virtual network isolation protects the control plane. For more information on security, visit the DataStori security portal or contact contact@datastori.io.
Frequently Asked Questions
Does DataStori ever access my business data?
No. DataStori can only access pipeline metadata such as execution status and retry counts. It cannot read, write, or view the actual business data flowing through your pipelines.
Which cloud providers does DataStori support?
DataStori supports pipeline execution on AWS, Microsoft Azure, and Google Cloud Platform in any region. You choose where your data lives.
Is DataStori compliant with SOC 2?
Yes. The DataStori application is SOC 2 Type 2 compliant. The platform also supports column-level encryption, customer-managed keys, and selective column output for organizations in regulated industries.