
Security & Trust Center

We treat security as a rigorous engineering discipline, not a compliance checklist. Firebolt protects your workloads with a defense-in-depth architecture built directly into the engine.

  • SOC 2 TYPE II
  • ISO 27001
  • ISO 27018
  • HIPAA BUSINESS ASSOCIATE
  • GDPR ALIGNED

ARCHITECTURE

See how we protect your data

Two lenses on Firebolt’s security model: the technical layers we enforce, and the clear division of responsibility between you and us.

# CODE TO CLOUD

Comprehensive security: code to cloud

Controls are embedded across the software lifecycle and runtime stack, not added as a final checklist.

~ Secure code (shift-left)
Static analysis, dependency checks, and targeted fuzzing are integrated into development workflows.
~ Secure pipeline
Automated validation gates in CI/CD reduce the chance of vulnerable builds reaching production.
~ Secure cloud runtime
Tenant isolation, hardened network controls, and continuous monitoring protect workloads in operation.
~ Secure access
Zero-trust principles, SSO, MFA, and least-privilege access policies constrain blast radius.

# DEFENSE-IN-DEPTH

Defense in depth (concentric layers)

A layered security architecture that protects data across multiple control planes.

~ Ring 4 — Perimeter security
WAF (Web Application Firewall), DDoS protection.
~ Ring 3 — Network & runtime security
Network policies, eBPF runtime protection, Kubernetes admission controllers, micro-segmentation / VPC.
~ Ring 2 — Identity protection
MFA (Multi-Factor Authentication), SSO (Single Sign-On).
~ Ring 1 — Governance & access control
RBAC (Role-Based Access Control), strict tenant isolation, governance policies.
~ The core — Data protection
Customer data, encryption at rest, encryption in transit.

# RESPONSIBILITY BOUNDARY

Shared responsibility model

Security is a partnership. Here is the responsibility boundary.

YOUR RESPONSIBILITY

  • User accounts
  • Data classification
  • Query logic
  • RBAC configuration

FIREBOLT MANAGES

  • Application logic
  • Host OS
  • Network infrastructure
  • Physical hardware

PHILOSOPHY

Security through engineering. Not just policy.

Trust isn’t built on promises — it’s built on proof. At Firebolt, we treat security as a rigorous engineering discipline, not just a final compliance checklist. We aggressively hunt vulnerabilities with custom-built tooling and protect your workloads through an advanced, transparent architecture.

COMPLIANCE

Global compliance. Local sovereignty.

Your data belongs to you. We provide rigorous legal and technical frameworks to keep it compliant — wherever your users reside.

## ~ GLOBAL PRIVACY FRAMEWORK

~ SOC 2 Type II (Audited)
Independent annual audits validate controls for security, availability, and confidentiality.
~ ISO 27001 (Certified)
Information security management is aligned to globally recognized ISMS standards.
~ Role-based access & MFA (Enforced)
Access controls are designed around least privilege with strong authentication requirements.
~ HIPAA support (Available)
Support is available for HIPAA-aligned deployments, including BAA options where needed.
~ GDPR readiness (Aligned)
Privacy controls and contractual frameworks support GDPR obligations across covered workflows.
~ Data encryption (Default)
Encryption in transit and at rest is enforced with industry-standard controls and key management.

## ~ CROSS-BORDER DATA TRANSFERS

~ Standard Contractual Clauses (SCCs)
EU SCCs Module 2 (controller-to-processor) and Module 3 (processor-to-processor) for transfers of personal data out of the EEA, providing a lawful transfer mechanism under GDPR.
~ UK Addendum
UK International Data Transfer Addendum to the EU SCCs for restricted transfers of personal data out of the UK under UK GDPR.
~ Adequacy decisions
European Commission adequacy decisions covering transfers to recognised countries, including Israel.

## ~ DATA PROCESSING ADDENDUM

Firebolt Data Processing Addendum (DPA)

Our DPA outlines how we handle your data under GDPR, CCPA, and other applicable regulations. A current sub-processor list is available upon request.


## ~ ADDITIONAL COMPLIANCE FEATURES

~ Data portability & vendor independence
EU Data Act support with export to open, standard formats. Your data is never locked in.
~ GDPR & right to be forgotten
Row-level DELETE and Partition Drop for surgical, auditable erasure of personal data on demand.
~ Observability: bring your own SIEM
Export audit logs to S3 in CSV, JSON, or Parquet. Plug directly into your existing security stack.
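An added illustration of the "bring your own SIEM" item above, not code from Firebolt or from this page: a small Python consumer that parses a newline-delimited JSON audit export and runs two detections over it, a burst of failed logins per actor inside a sliding window, and every successful privilege change. The field names (ts, actor, action, outcome, detail) and the action names are assumptions about the export format, not Firebolt's documented audit schema, and the sample lines are constructed.

```python
"""Consumer for an exported audit log: added illustration, not Firebolt code.

Assumes newline-delimited JSON with the hypothetical fields
ts, actor, action, outcome and detail; the real export schema may differ.
"""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (field names and action names are assumptions).
SAMPLE_EXPORT = """\
{"ts": "2026-01-12T07:00:00Z", "actor": "bob@example.com", "action": "LOGIN", "outcome": "FAILURE", "detail": "bad password"}
{"ts": "2026-01-12T08:00:01Z", "actor": "alice@example.com", "action": "LOGIN", "outcome": "FAILURE", "detail": "bad password"}
{"ts": "2026-01-12T08:00:30Z", "actor": "alice@example.com", "action": "LOGIN", "outcome": "FAILURE", "detail": "bad password"}
{"ts": "2026-01-12T08:01:05Z", "actor": "alice@example.com", "action": "LOGIN", "outcome": "FAILURE", "detail": "bad password"}
{"ts": "2026-01-12T08:01:40Z", "actor": "alice@example.com", "action": "LOGIN", "outcome": "FAILURE", "detail": "bad password"}
{"ts": "2026-01-12T08:02:10Z", "actor": "alice@example.com", "action": "LOGIN", "outcome": "FAILURE", "detail": "bad password"}
{"ts": "2026-01-12T08:02:30Z", "actor": "alice@example.com", "action": "LOGIN", "outcome": "SUCCESS", "detail": ""}
{"ts": "2026-01-12T08:15:00Z", "actor": "carol@example.com", "action": "GRANT_ROLE", "outcome": "SUCCESS", "detail": "account_admin -> dave@example.com"}
{"ts": "2026-01-12T08:16:00Z", "actor": "mallory@example.com", "action": "GRANT_ROLE", "outcome": "FAILURE", "detail": "permission denied"}
{"ts": "2026-01-12T09:30:00Z", "actor": "bob@example.com", "action": "LOGIN", "outcome": "FAILURE", "detail": "bad password"}
"""

FAILURE_THRESHOLD = 5           # failed logins per actor ...
WINDOW = timedelta(minutes=10)  # ... within this sliding window
PRIVILEGED_ACTIONS = {"GRANT_ROLE", "REVOKE_ROLE", "CREATE_USER", "ALTER_ROLE"}


def parse_events(text):
    """Parse NDJSON into dicts with ts as a datetime, sorted by time.
    Export files are not guaranteed to be ordered, so sort before windowing."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    events.sort(key=lambda e: e["ts"])
    return events


def detect_login_bursts(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Flag an actor once per run when `threshold` failed logins fall inside `window`.
    A deque per actor keeps only the failures that are still inside the window."""
    recent = defaultdict(deque)
    flagged = set()
    findings = []
    for e in events:
        if e["action"] != "LOGIN" or e["outcome"] != "FAILURE":
            continue
        q = recent[e["actor"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and e["actor"] not in flagged:
            flagged.add(e["actor"])
            findings.append({"rule": "login_failure_burst", "actor": e["actor"],
                             "count": len(q), "last_seen": e["ts"]})
    return findings


def detect_privilege_changes(events, privileged=PRIVILEGED_ACTIONS):
    """Every successful privilege change is worth a ticket. A denied attempt
    (e.g. mallory's GRANT_ROLE) is a different signal and would get its own rule."""
    return [{"rule": "privilege_change", "actor": e["actor"], "action": e["action"],
             "detail": e["detail"], "ts": e["ts"]}
            for e in events if e["action"] in privileged and e["outcome"] == "SUCCESS"]


def run_detections(text):
    events = parse_events(text)
    return detect_login_bursts(events) + detect_privilege_changes(events)


if __name__ == "__main__":
    for finding in run_detections(SAMPLE_EXPORT):
        print(finding)
```

In production the same functions would run over the objects pulled from the export bucket, and the threshold, window and set of privileged actions are the knobs to tune per tenant. Sorting before windowing matters because a batch export may interleave events from several engines; the burst rule fires once per actor per run, so a second burst by the same actor is only surfaced on the next run.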

RESOURCES

Certifications, documentation & legal

# CERTIFICATIONS & AUDITS


~ SOC 2 Type II
Annual audit covering Security, Availability, and Confidentiality trust service criteria.
~ HIPAA Support
Support for HIPAA-aligned deployments for handling Protected Health Information, with BAA options available.
~ ISO 27001
Internationally recognised information security management system (ISMS) certification.
~ ISO 27018
Code of practice for protecting personally identifiable information (PII) in public clouds.

Reports available upon request for enterprise accounts.

Business Associate Agreement (BAA)

We offer a signed HIPAA Business Associate Agreement for customers who handle Protected Health Information on Firebolt.



Last updated: January 2026 · security@firebolt.io
