Rockset Security & Compliance

Our customers trust Rockset to protect their data. That trust requires a service that is highly available and secure. As a Rockset customer, you benefit from a service designed, built, maintained, and monitored to meet rigorous security, compliance, and privacy requirements.

Built For The Cloud

Rockset is offered as a fully managed cloud service - 100% born and built in the cloud. Currently, all of Rockset's services are run and hosted in Amazon Web Services (AWS), so our security policies follow AWS best practices and leverage the underlying security policies of AWS. Rockset does not operate any physical hosting facilities or physical computer hardware of its own.


Security Features

Rockset offers enterprise-level security features designed to protect and secure Rockset customer data.

IP Allowlist

IP allowlisting restricts access to a specified set of IP addresses, so only calls to the Rockset service that originate from one of those addresses are accepted.

Views

Views are stored SQL queries that can be queried like any other persistent data in Rockset and provide you extra security by limiting the exposure of the underlying data to authorized users.

Role Based Access Control (RBAC)

Rockset enforces least-privilege access through custom roles that can be scoped to the resource level and to specific actions, giving users only the level of access they need at that time.

Data Masking

PII (personally identifiable information) or PHI (protected health information) fields can be transformed at ingest with a one-way cryptographic hash function so that Rockset stores only the hashed value and not the original PII/PHI field.

Single Sign On

Rockset has integrations with SSO providers like Okta to enforce strong user authentication to Rockset.

Audit Logging

Rockset maintains comprehensive, searchable, and exportable audit logs of all security-related events including authentication, permissions changes, CRUD operations, assumptions of privileges, and more.

Multi-Factor Authentication

Rockset has native support for strong multi-factor authentication including TOTP when accessing the Rockset console.


Data Encryption

Data Encryption in Flight

Data in flight from customers to Rockset and from Rockset back to customers is encrypted using TLS 1.2 with HSTS and controlled by network policies. Certificates are created and managed by AWS Certificate Manager. An AWS application load balancer terminates TLS connections at our API endpoint. We secure internal communication using AWS VPC functionality.

Data Encryption at Rest

Data is encrypted at rest throughout all of Rockset's services using encryption keys that are managed by AWS Key Management Service (KMS) and are never exposed to anyone, including to Rockset employees.


Vulnerability Management

Penetration Testing

Rockset employs a third-party security firm to perform security, vulnerability, and penetration testing across our platform. These tests are run at least annually, and findings are remediated according to their criticality and prioritization.

Vulnerability Disclosure Program

Rockset is committed to working with industry experts and security researchers to ensure our products are the most secure they can be for our customers. Rockset partners with HackerOne in order to continuously improve our security posture.


Compliance & Privacy

Rockset is committed to being transparent about the data we handle and how we handle it. Learn more in Rockset’s Privacy Policy.

SOC 2 Type II

Rockset has certified its systems annually to AICPA SOC 2 Type II since 2021, successfully auditing the operational and security processes of our service and our company. Rockset’s SOC 2 Type II report is available upon request.

GDPR

The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA) and provides individuals with rights regarding their data. Rockset provides our customers the necessary capabilities for building GDPR compliance.

CCPA

The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Rockset is committed to supporting its customers in their CCPA compliance efforts.
