superQuery’s data platform is built on top of your existing database and uses a secure connection to query your data warehouse directly. Your optimized queries access the data needed to answer your question in your database and return the results, and the answer is stored in a short-lived cache. You can also control and configure these parameters based on your needs and policies.
Thanks to superQuery’s single point-of-access for your data, you can establish a robust data governance infrastructure, giving everyone within your company the ability to answer their own questions, while keeping data sprawl to a minimum and access to sensitive information restricted. Administrators can configure permissions by user or group, and can restrict data access from the database level all the way down to the row or column level.
Administrators can always maintain a secure experience for their users with the robust business intelligence data governance we enable.
superQuery generates SQL that directly queries your database. The result: Your analysts and data scientists don’t need to pull your data out of the database to run queries.
superQuery uses a read-only connection to access the minimum amount of data needed to answer your queries and only returns the relevant result set. The result: less data duplication, no long-term storage of sensitive data on local machines, and the full power of your existing database security model maintained.
superQuery makes it easy for administrators to control users’ access from the database level down to the field level.
superQuery’s platform comes standard with enterprise-level features including two-factor authentication, SAML-based single sign-on (supporting SAML, OneLogin, and Google Apps), and team management to keep superQuery access secure and up-to-date.
Highest Data Security Encryption standards
superQuery uses industry-standard AES encryption to secure cached data stored at rest, and the TLS protocol to secure network traffic between users’ browsers and the platform.
superQuery offers many options for securing connections to your database, including IP Whitelisting, SSL, SSH, PKI, and Kerberos authentication.
Because superQuery’s data platform provides a single point of contact for employees’ work with your enterprise’s data, it’s far easier to keep track of exactly who accessed what, when, and what they did with it.
Easily Keep Track of Usage and Development
superQuery logs every interaction so administrators can audit usage and easily set up scheduled reports and alerts. And because superQuery’s data model is version-controlled, you can also track when metric definitions have changed, who changed them and why.
Easy Configuration of Support Access
superQuery monitors and regularly audits company support technicians’ access to your instance (and as of superQuery release 4.22, you’ll be able to easily turn that access on or off).
superQuery connects to your organization’s database, and is designed to leave your data in that database. Because superQuery connects to technology that you are responsible for maintaining, security becomes a shared responsibility between superQuery and you.
While there is no permanent storage of your data in the superQuery application, by default, the application passes the following information back to us to perform license validation and enhance the service.
NOTE: By default, superQuery stores models in a secured GitHub repository.
You are responsible for configuring secure access between the superQuery application and your database. superQuery provides extensive recommendations on how to do this, including:
You are also responsible for controlling access and permissions for users of your superQuery instance within your company. We recommend:
superQuery hosts its software on AWS Cloud Services, which means that as a superQuery customer, you’ll inherit the robust standards of cloud security maintained by AWS, which superQuery builds on top of for its own security best practices. superQuery also uses industry best practices for the development and testing of the superQuery application, ensuring that code quality meets our standards before becoming part of a superQuery release.
The superQuery application is managed on AWS facilities, which comply with over 50 data security certifications, regulations, and frameworks. Physical security is managed by AWS, with facilities monitored by video surveillance and intrusion detection systems.
Physical separation of data
The superQuery application is hosted in a single-tenant environment, physically separating the instances of superQuery customers from each other. The superQuery application is hosted in a single-tenant AWS Availability Zone (AZ) environment by default. If you have specific availability needs, you can contact your Account Manager to request implementing the application in a cluster configuration.
Data Security Architecture
superQuery follows AWS best practices for security architecture. Proxy servers secure access to the superQuery application by providing a single point to filter attacks through IP blacklisting and connection rate limiting.
superQuery employs a Cloud-based distributed backup framework for superQuery-hosted customer servers.
Availability and durability
The superQuery application can be hosted in a variety of different AWS data centers across the globe.
Monitoring & Authentication
Access to a customer’s back-end servers
Access to superQuery-hosted back-end environment requires approval and multiple layers of authentication.
Access to a customer’s superQuery application
Employee access to customer superQuery instances is provided in order to support a customer’s needs. Access requires approval and multiple layers of authentication. Additionally, customers can control all access from superQuery to their application via a Support toggle.
Monitored user access
Access to your superQuery environment is uniquely identified, logged, and monitored.
Network and application vulnerability scanning
superQuery’s front-end application and back-end infrastructure are scanned for known security vulnerabilities at least monthly.
Logs across the superQuery production and corporate environments are collected and stored centrally for monitoring and alerting on possible security events.
Reputation monitoring/threat intelligence
Collected logs and network activity are checked against commercial threat intelligence feeds for potential risks.
Anomalous activity, like unexpected authentication activity, triggers alarms.
Data Security Encryption
Application sensitive data stored locally including database connection configurations and cached query data is encrypted and secured using AES encryption.
Secure credential storage & encryption
Native usernames and passwords are secured using a dedicated password-based key derivation function (bcrypt) with hashing and salting.
Data in transit is encrypted and secured from the user’s browser to the application via TLS.
SSL / SSH encryption
superQuery enables you to configure your database connection via encrypted TLS or SSH.
Code development is done through a documented SDLC process which includes guidance on how code is tested, reviewed, and promoted to production.
Peer review and unit testing of code
Code is peer reviewed before being committed to the master code branch of the superQuery application. Functional and unit tests are performed using automated tools.
Routine developer training
Developers are regularly trained on secure coding practices.
Code quality tests
superQuery utilizes automated tests specifically targeting injection flaws, input validation, and proper CSRF token usage.
Regular third-party penetration testing
superQuery performs regular third-party penetration tests against the superQuery application and hosted environment.
Single sign on
superQuery provides SAML-based single sign on for users, offering support for SSO solutions from Google Apps, OneLogin, and SAML.
superQuery provides the ability to authenticate users based on Lightweight Directory Access Protocol (LDAP), enabling administrators to link LDAP groups to superQuery roles and permissions.
superQuery provides the ability to use two-factor authentication via Google Authenticator.
superQuery works under robust security protocols to secure the superQuery Office premises and materials that contain sensitive information. superQuery also invests in properly vetting and training staff to ensure that there is an organization-wide appreciation for data security.
Personal & Third Parties
Led by the Chief Security Officer (CSO), superQuery has established a dedicated information security function responsible for security and data compliance across the organization.
Policies and procedures
superQuery maintains various security policies that are maintained, communicated, and approved by management to ensure everyone clearly knows their security responsibilities.
New contractors and employees are required to pass a background check and sign confidentiality agreements.
Security awareness education
superQuery new-hires complete security training as part of the entry into the organization. Employees receive routine security awareness training and confirm adherence to Company security policies. superQuery employees are reminded of security best practices through informal and formal communications.
superQuery maintains a vendor management program to ensure that third-parties comply with an expected level of security controls.
superQuery maintains a robust security risk management program. Our CSO chairs our internal quarterly Security Steering Committee.
superQuery’s Security and Operations team is available 24/7 to respond to security alerts and events.
Policies and procedures
superQuery maintains a documented incident response plan.
Incident response training
Employees are trained on security incident response processes, including communication channels and escalation paths.
superQuery Premises and Hardware
Monitoring and secure access to superQuery offices
superQuery offices are protected by security measures including security cameras.
superQuery uses a combination of endpoint management tools to monitor, patch, and protect its laptop population. Laptops have encrypted hard drives and are protected with a sign-on password. Also, an AV/HIDS solution is installed on laptops to protect against malware and monitor for possible security events.
One of the priorities of superQuery’s security practices is to ensure that use of your data is transparent, safe, and respectful. To that end, superQuery maintains a Compliance team to perform regular assessments and ensure that risks are appropriately being mitigated and that controls are designed and operating correctly.
Data Security & Compliance
Healthcare data security compliance
superQuery customers include HIPAA Covered Entities and Business Associates. Since superQuery doesn’t extract your data, we don’t categorize data as sensitive, personal health information or according to other schemas. Instead, we handle all data according to the same security standards. superQuery will assist you to carry out HIPAA-related security obligations & compliance, which can include executing Business Associate Agreements as needed.
SOC 2 and ISO 27001 compliance
superQuery has a SOC 2 Type 1 report and is collecting evidence for the Type 2 audit. We anticipate the Type 2 report being available in September, 2018. Following the SOC 2 Type 2 audit, superQuery will direct its attention towards ISO 27001.
EU Compliance & GDPR Compliance
superQuery has many users in the European Economic Area and will work with you to assure database compliance with Personal Data handling requirements and cross-border transfer requirements under the EU Privacy Directive, and the new GDPR.
Determine where superQuery is hosted
superQuery lets you determine where your superQuery is to be hosted. Currently your superQuery hosted instance can reside in the US, Japan, Ireland, Australia, or Brazil.
Last Updated: March 2019
Users may review, update, correct or delete the PII in their account by contacting us. If you completely delete all such information, then your account may become deactivated. If you would like us to delete your record in our system or stop sending you any information please contact us at firstname.lastname@example.org with a request that we delete your PII from our database. We may retain an archived copy of your records as required by law or for legitimate business purposes.
We do not sell, trade, or otherwise transfer to third parties your PII without your advance written consent. This does not include website hosting partners and other parties who assist Us in operating Our Site, conducting Our business, or serving Our Users (such as Google BigQuery), so long as those parties agree to keep this information confidential. We may also release information when its release is appropriate to comply with the law, enforce our site policies, or protect our or others’ rights, property or safety. However, non-personally identifiable information and non-identifiable metadata may be provided to other parties for marketing, advertising or other uses without any notice or consent.
We may collect, store and use information Users provide to us on Our Site or Service in order to:
We may share non-personally identifiable information with third parties for industry analysis and other commercial purposes, or to deliver targeted advertising about other products and services. No such non-personally identifiable information that we provide to third parties will contain PII. It is important to note that we allow third party behavioral tracking.
EVALUEX collects email addresses and phone numbers to send information, newsletters, offers of new or improved Services, advertising and also in order to respond to inquiries or other requests. EVALUEX will not use misleading or false information in the content of those emails, and it will be reasonably identifiable as advertising, as the case may be. You may withdraw your consent to the receipt of such messages by sending a written notice to our e-mail email@example.com or following the un-subscription instructions that may be provided therein.
The security of Users’ information is highly important to Us. We have put in place appropriate security systems designed to prevent unauthorized access to, disclosure of and use of information Users provide to us. These systems are structured to deter and prevent hackers and others from accessing this information. Due to the nature of Internet communications and evolving technologies, however, we cannot provide, and expressly disclaim, any assurance that the information provided to us will remain free from loss, misuse, or alteration by third parties who, despite Our efforts, obtain unauthorized access. In addition, We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
You acknowledge and accept that, despite our efforts, there may be times or situations when your PII is inadvertently disclosed by Us or by a third party to whom we have disclosed Your PII. You hereby accept that risk and waive any and all claims, causes of action, damages and liability against Us in the event of inadvertent or negligent disclosure of PII.
One of the architectural benefits of the superQuery platform is that it creates a single, governed location for users to access data. This reduces data sprawl, leverages the world-class security of today’s most advanced databases, and gives administrators control over who’s accessing data and how long it’s cached for.
The superQuery platform helps businesses to empower users to analyze data and gain insights to drive business outcomes, but leaves control of your data where it belongs, in your hands.
superQuery holds two classes of data: information about superQuery users and the customer data necessary to answer users’ queries.
Yes. We retain basic user contact information to communicate with our users and customers about our product and security updates, relevant marketing, training and events. superQuery users may opt-out of communications by email to firstname.lastname@example.org.
superQuery-hosted instances are hosted in the Amazon Web Services cloud and Google cloud service.
At superQuery we keep up to date with developments in privacy and security policies. Our data security program is designed to ensure that the policies, controls and processes are appropriate to the type of personal data and data processing collected. You can find our security policy here: https://web.superquery.io/security
As our customer, you remain in control of your data and data about your users. When you remove users from your superQuery instance, their data will be removed from superQuery’s databases within 30 days. If you wish to delete a superQuery user’s account data, we have a process to permanently anonymize the data.
If you would like superQuery to delete your customer data or superQuery user account detail, please send an email to support@superQuery.io.
Last Updated: December 9, 2018
EVALUEX also reserves the right to cease providing or to change the Services at any time and without notice.
You undertake to indemnify EVALUEX for any losses or damages resulting from any third party claims or complaints arising from, or in connection with your actions and activities on or in connection with the Services and/or breach of this Agreement.
In the event that any provision of these Terms is held to be invalid or unenforceable by a competent court, the remaining provisions of these Terms will remain in full force and effect.
The failure of EVALUEX to enforce any right or provision of these Terms will not be deemed a waiver of such right or provision.
These Terms are the entire and exclusive agreement, and replace any prior agreements, between EVALUEX and you regarding the subject matter hereof.