Skip to main content

Data Security

Is Holistics GDPR-compliant?

Yes we are. Please see our GDPR page for more information.

Is Holistics SOC2-compliant?

Holistics is SOC2 Type 2 compliant. We’ve achieved our SOC 2 Report by partnering with Prescient Assurance, an independent auditor, and Vanta - the leading automated security platform - for continuous SOC2 compliance monitoring.

You can read the official blog post or community post for more information. Please fill out this form to get access to our SOC2 report.

Where are Holistics' servers located?

All of our servers are hosted with reputable data center providers:

  • Our Asia-Pacific servers are located in Singapore
  • Our Europe servers are located in Frankfurt, Germany
  • Our US servers are located in San Francisco

Does Holistics store my data?

Holistics does not store your raw data in our servers. This means that your data sits securely within your system at all times. You retain full ownership and control over your data.

When a user runs a report or explores a dataset, Holistics will generate and send an SQL query to your database for processing. Once the query completes, Holistics will display the results on your browser.

Holistics only stores a few things:

  • Metadata: the definitions and settings of your reports, dashboards, models... etc. For examples: report's query, description, chart type, delivery schedules...
  • Cache: Holistics gives you the option to set a cache for your reports, dashboards and filters. This speeds up access to your data and also protects your database against repeated queries. Cached data will expire after a determined period of time. No cache data will ever be stored forever on Holistics servers.

What does your cache store?

The cache layer only stores the query results (not the raw data of your database). For further technical details of Holistics's cache system, please refer to our docs about Holistics Reporting Mechanism.

When exactly does your cache store the data, and for how long?

Our cache server stores your query results in two instances:

  1. Initial Retrieval: When we first fetch the query result from your database, you can set the data caching duration in the Settings tab of the report.

  1. Report Export: When someone exports a report to Excel/CSV, we generate and store the file on our AWS S3 server. The encrypted files are automatically removed after 24 hours. For personalized storage on your S3 cloud, available in the Enterprise plan, please request this through your account admin(s) via an in-app support ticket.

When I persist my SQL data model into a physical table, where is the table stored?

As outlined in the documentation on Query Model Persistence, optimizing the load time of your SQL model involves transforming the result set of the SQL query into a physical table within your database.

Similar to reports, dashboards, filters, and other elements, Holistics only stores the metadata of the model (including SQL, model description, custom field formulas, etc.).

My database is behind a private firewall. How do I give access to Holistics?

As mentioned in Connect Database, to securely open your DB for Holistics to access, there are two ways:

  • IP Whitelist: You can add Holistics' IP addresses to your whitelist so that Holistics can connect to your DB. For more information, please refer to Direct Connection section.
  • SSH Tunnel: You can setup a secure SSH tunnel from your DB to Holistics Network, so that all traffic will go through this channel. For more information, please refer to Setup Reverse SSH Tunnels section.

Since our database credentials are stored in Holistics's system, how do you protect them?

We apply AES encryption before storing your credentials in our database. The credentials are then decrypted on the fly whenever we make a connection to your DB server, and the raw credentials are never persisted anywhere. The encryption key resides in a server separated from the DB server.

Our DB server is under a private VPC network and is only accessible by our app servers.

How do I track what data/reports my team has accessed?

Please refer to Monitoring Dashboard for more information.


Let us know what you think about this document :)