Overview

Hightouch is committed to building a data activation tool that's held to the highest possible security standards, as we work with large healthcare, financial and public enterprises to sync sensitive customer data to downstream tools and systems.
All Hightouch customers have the option to ensure no customer data is stored in Hightouch's infrastructure at all.
This document breaks down our security and infrastructure in greater detail, and also outlines a couple of options each customer has for data transfer and storage, with associated considerations.

Compliance

We are compliant with SOC 2 Type 2, HIPAA, GDPR, CCPA, and Privacy Shield.
In addition to these certifications:
  • We have regular third-party penetration testing (please contact your Customer Success Manager for the latest report)
  • We have automated vulnerability scanning in our platform

SOC 2 Type 2 Audit Report

If you are an existing Hightouch customer, contact your Customer Success Manager or ping us in your dedicated Slack channel and we are more than happy to give you our SOC 2 audit report. If you are currently trialing Hightouch, your point of contact can provide you with the SOC 2 audit report under NDA.

Basic Architecture Overview

Hightouch connects to your data warehouse (similar to any Business Intelligence tool). We can connect through an SSH or reverse SSH tunnel. Once the connection is established, you can use SQL to define the data models that you want to sync to downstream tools. These data models are purely SQL definitions and do not store data.
A sync defines how data should be mapped to a destination, and how often it should run. When a Hightouch sync initiates, Hightouch executes the SQL query (associated with your data model) on your data warehouse, identifies only the incremental rows that need to be sent to the associated downstream tool (since the previous sync), and then translates these rows to the appropriate APIs.
Customer data flows through our infrastructure only during an "active sync" and is encrypted in transit via TLS while it does. Our compute instances are not exposed to the internet and are secured according to AWS cloud security best practices.
After sending data downstream, Hightouch stores full request/response payloads in a cloud storage bucket (AWS S3, Google Cloud Storage, etc.), which can be the customer's own cloud bucket within their own infrastructure. Our live debugger in the workspace queries this cloud bucket directly for row-level debugging, and you can set your own custom retention policies for these logs.

Change Data Capture

Between syncs, Hightouch will automatically identify the incremental changes in your data models based on the primary key of records, so that only updates (added, changed, or removed records) are sent to destinations. Hightouch supports two methods for this, and it's your choice which one you'd like to use:
  • Warehouse Planning - This is our recommended option, and allows the diff compute to be done within the customer warehouse. To allow this, Hightouch will need WRITE access to a specific table in your warehouse, which will simply store metadata from previous syncs. This allows for faster syncs at higher volumes, and our larger enterprise customers typically use warehouse planning for performance reasons.
  • Local Diffing - This is our default method, where we'll store previous diffs in an S3 bucket. If you're on our Self-Service Tier, this will be an encrypted S3 bucket that we maintain on your behalf. On our Business tier, however, you can configure Hightouch to use your own S3/GCP bucket so no data is ever stored in Hightouch's infrastructure. With local diffing, the actual compute to diff each query is done in our infrastructure, so sync speeds are slightly slower, but it does not require WRITE access to your data warehouse and offloads some compute from your warehouse.
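
The primary-key-based change detection described above, as an added example (not Hightouch's code and not part of the original page). It assumes, purely for illustration, that the state kept between syncs is a map of primary key to SHA-256 row digest, so the stored state holds no raw field values; all function names and sample rows are constructed.

```python
import hashlib
import json


def row_digest(row):
    """Stable SHA-256 over a row's fields (canonical JSON, sorted keys)."""
    canonical = json.dumps(row, sort_keys=True, separators=(",", ":"), default=str)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def snapshot(rows, primary_key):
    """Map primary key -> digest: the only state kept between syncs (assumption)."""
    state = {}
    for row in rows:
        pk = row[primary_key]
        if pk is None or pk in state:
            # A null or duplicate key makes added/changed/removed ambiguous.
            raise ValueError(f"primary key must be unique and non-null: {pk!r}")
        state[pk] = row_digest(row)
    return state


def diff(previous_state, rows, primary_key):
    """Return (changes, new_state) for one sync run."""
    new_state = snapshot(rows, primary_key)
    changes = {
        "added": sorted(k for k in new_state if k not in previous_state),
        "changed": sorted(k for k in new_state
                          if k in previous_state and new_state[k] != previous_state[k]),
        "removed": sorted(k for k in previous_state if k not in new_state),
    }
    return changes, new_state


# Constructed query results for two consecutive sync runs.
FIRST_RUN = [
    {"id": 1, "email": "a@example.com", "plan": "free"},
    {"id": 2, "email": "b@example.com", "plan": "free"},
    {"id": 3, "email": "c@example.com", "plan": "pro"},
]
SECOND_RUN = [
    {"id": 1, "email": "a@example.com", "plan": "free"},  # unchanged
    {"id": 2, "email": "b@example.com", "plan": "pro"},   # changed
    {"id": 4, "email": "d@example.com", "plan": "free"},  # added; id 3 removed
]


def demo():
    _, state = diff({}, FIRST_RUN, "id")       # first sync: every row is new
    return diff(state, SECOND_RUN, "id")       # second sync: incremental only
```

Unsalted digests of low-entropy rows can be guessed by anyone who can read the state, so whichever store holds it (warehouse table or bucket) still needs access control and encryption at rest.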

Bring Your Own Bucket

On our self-service payment tiers, Hightouch stores your query results in an encrypted Amazon S3 bucket on your behalf with a retention policy of 30 days.
If you would like more control over your data, you can host your own bucket in your own AWS or Google Cloud instance on a custom pricing plan. Please contact your Hightouch account representative for details on getting access to this feature.
