Own your data


Customer trust and data security are critical to everything we do at Hightouch. From the beginning, Hightouch has been architected to keep your data in your hands.

Hightouch is SOC 2 Type 2 compliant for security, availability, and confidentiality. To see our report, contact us at security@hightouch.io.

Hightouch is compliant with GDPR. If you are in the EU, your data is only stored in EU servers. EU companies in regulated industries (like Billie & Spendesk in Fintech) use Hightouch.

Hightouch is compliant with HIPAA. Healthcare companies like Thirty Madison use Hightouch.

Hightouch is fully compliant with CCPA. To see our DPA (Data Processing Addendum), contact us at security@hightouch.io.

Keep your data in your warehouse

Novel Hybrid Architecture

Hightouch never stores any of your data. We don't need to and don't want to. Instead, we use our cloud for compute, but storage remains on-prem in your cloud. We believe that companies should have control of their data and not be locked in to any single vendor.

How your data passes through Hightouch:

  1. We run queries directly on your warehouse.
  2. (Optional) We store all customer data (logs, query results, etc.) temporarily in your cloud (e.g., AWS, GCP).
  3. We transfer data to your destination, without storing it on our end.
Control access within your organization

Product security

Hightouch provides security features to ensure that only authorized users can access and change your Syncs.

Data Governance

Control who has read and edit access to certain models, destinations, and syncs.

Version Control and Approvals through Git

See all edits and roll back unintended changes immediately through Git. You can require PRs to ensure all changes get approved first.

Single Sign On (SSO)

We connect with multiple auth providers to ensure only members of your organization can access your Hightouch workspace.

We follow industry security standards

Internal Security

Within the Hightouch organization, we follow top security standards to ensure your data remains in your warehouse and tools.

  • We complete regular security-design reviews and pen tests using trusted security vendors, as well as regular audits such as SOC 2 Type 2.
  • We encrypt all data at rest and protect it with TLS in transit. Hightouch’s metadata database is encrypted by Amazon AWS using standard AES-256 encryption algorithms.
  • We limit internal access to tools and resources using time-based access.
We work with regulated industries

Regulated Industries

Hightouch works with international companies in regulated industries like Finance (Plaid, Billie) and Healthcare (Thirty Madison, Headway).

  • Hightouch is HIPAA compliant. We have a standard Business Associate Addendum (BAA) we present to customers for signature and can also work with your existing BAA.
  • Hightouch is GDPR compliant. For EU customers such as Spendesk and Billie, data is only stored in EU servers.