Data Policy
Overview and links
Data security and privacy is a core value of our team. Safeguarding your data is our highest priority in everything we do. To keep your data safe, we follow industry-standard security best practices throughout our product and cloud infrastructure. We also make a commitment to minimizing any data persistence on our servers.
Compliance
We are fully SOC 2 Type II compliant, with annual security audits and penetration tests. We are also fully GDPR compliant. Our clients have organization sizes that range from dozens to thousands and we have experience with a wide range of internal security reviews.
Our architecture
Arcwise's backend infrastructure is hosted on Google Cloud and Microsoft Azure, cloud providers with robust cloud security standards. We build on top of these proven standards, adopting additional security best practices where appropriate, in order to protect customer data and prevent unauthorized access to our systems.
Arcwise is connected to your data warehouse and other SaaS systems. When Arcwise pulls data into your spreadsheets from your data warehouse (Snowflake, BigQuery, etc.) we execute SQL queries on your behalf. Or, in the case of SaaS systems (Salesforce, Looker, NetSuite, etc.) we execute an API call.
In both cases, whenever we pull data, we do not persist any of your data on our servers. While the data pull is being executed our servers temporarily cache the requested data, but only for as long as the operation executes. We do persist metadata necessary to enable our AI to properly identify the right data sources, such as table names, columns names, and user entered descriptions.
Arcwise has a snapshotting feature that allows users to make a version of the data at a particular point in time. When a snapshot is created it is stored in your data warehouse in a schema provisioned for Arcwise. The snapshotting feature is optional, and can be disabled via the admin console.
Using data for AI performance
Arcwise depends on client metadata (table names, column names, etc.) and a history of user queries to the AI in order to improve AI performance. Each client's data is fully isolated from other clients and public access.
Arcwise uses Azure OpenAI (which has rigorous security and privacy guarantees) for its AI Analyst feature. Neither Arcwise nor Azure will use any AI interactions for model training purposes.
Authentication
Arcwise uses Google's OAuth 2.0 for user authentication. Users do not have to create a separate set of credentials (i.e. username/password) for Arcwise.
If you are a Google Workspace organization, our Google OAuth-based authentication means that when someone leaves your organization—and their Google Workspace user account is deleted—that user loses access to Arcwise automatically.
Request for data deletion
We can accommodate requests to remove data from our databases. There are a few steps involved:
Submit a request to arcwise-team@arcwise.app
Arcwise will verify the owner of the data by sending a confirmation email. If you are not the owner of the data, we will need the owner to provide the formal request.
Once confirmed, Arcwise will delete the requested data from our systems.