Security & Compliance

From day one, Select Star was designed with data security and confidentiality in mind. As a data discovery platform that’s designed to consume metadata from multiple sources, Select Star applies the highest standards for secure data management and confidentiality protection for its users. Also, we believe it is our responsibility to be transparent with how we operate and govern our data collection and processing.

System Metadata Only

Select Star’s design is focused on metadata and query logs only, and hence requires only limited system-data access when connecting to your data sources. We recommend creating a dedicated service account for Select Star with the minimal roles and permissions defined in our docs.

This ensures that, by default, Select Star does not have any visibility or potential access to your data and only uses system metadata.

Information Transfer & Processing Limitation

| Information | Example | Purpose |
| --- | --- | --- |
| Metadata | Data object (schema, table, column, dashboard…) name, description, creation / update timestamp, system user information (name, email), etc. | Data catalog and metadata analysis |
| Query logs, activity logs | Executed SQL query history, dashboard query/view history, timestamp, user information (name, email), etc. | Data lineage and popularity modeling |
| System user | First name, last name, email, IP address | System user analysis, Select Star account record keeping |

Sensitive / PII Tag

Although we do not have read access to your data values, Select Star and its users may sometimes be exposed to sensitive data. This can happen if a user-executed query that Select Star has ingested contains sensitive data values. For example, Select Star may ingest a query that was executed as “select * from Users where ssn='123-45-5678'”.

To prevent this type of scenario, we recommend our customers tag their sensitive columns as “PII”. Once a column is tagged as PII, Select Star will remove any value from the query log before the query gets saved in Select Star for processing.

This way, no sensitive data values are transferred to Select Star and no organization user will encounter queries containing potentially sensitive values.

To learn more about using the PII tag in Select Star, see our docs.
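The redaction step described above can be illustrated as follows. This is an added example, not Select Star's implementation, which the page does not describe. The names `TOKEN` and `redact_query`, the `?` placeholder, the set of tagged column names and the ANSI-style quoting are all assumptions.

```python
import re

# Assumption: ANSI-style SQL ('' escapes a quote inside a string literal).
TOKEN = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)      # comments can carry values or stray quotes
  | (?P<ident>"(?:[^"]|"")*"|`[^`]*`)    # quoted identifier, never a value
  | (?P<string>'(?:[^']|'')*')           # string literal
  | (?P<word>[A-Za-z_][\w$]*)            # keyword or bare identifier
  | (?P<number>\d[\w.]*)                 # numeric literal (decimal, hex, exponent)
""", re.VERBOSE | re.DOTALL)


def redact_query(sql, pii_columns):
    """Replace every literal with '?' when the query names a PII-tagged column.

    pii_columns is a hypothetical set of tagged column names. Matching is by
    bare name, so a same-named column in another table is redacted as well.
    """
    pii = {c.lower() for c in pii_columns}
    names = set()
    for m in TOKEN.finditer(sql):
        if m.lastgroup == "word":
            names.add(m.group().lower())
        elif m.lastgroup == "ident":
            names.add(m.group()[1:-1].lower())
    if not names & pii:
        return sql  # no tagged column referenced: stored unchanged

    def scrub(m):
        if m.lastgroup in ("string", "number"):
            return "?"          # drop the value, keep the query shape for lineage
        if m.lastgroup == "comment":
            return ""           # comments are free text and may repeat the value
        return m.group()

    return TOKEN.sub(scrub, sql).strip()


if __name__ == "__main__":
    # Constructed sample: the query quoted on this page, with "ssn" tagged as PII.
    print(redact_query("select * from Users where ssn='123-45-5678'", {"ssn"}))
```

A statement that carries values without naming the tagged column, such as an INSERT with no column list, passes through this function unchanged. Redacting every literal unconditionally closes that gap.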

SOC 2 Compliance


Select Star completed a SOC 2 Type II audit examination covering the Security, Confidentiality, and Availability criteria in May 2021.

SOC 2 is a Service and Organization Control (SOC) governance framework developed by the American Institute of CPAs (AICPA) for the storage of private business and customer information by third-party service providers. SOC 2 specifically relates to data security for companies that store client information on cloud-based servers, and is hence relevant for Software as a Service (SaaS) providers like Select Star.

Independent auditors use the SOC 2 framework to validate a company’s systems and controls with respect to information security. Upon completion of the audit and a thorough review of the evidence, the auditor issues a SOC 2 report detailing its findings and attestation on the company’s security controls related to areas such as:

  • Data encryption (in transit and at rest)
  • Third-party penetration testing
  • Least-privilege access controls
  • Audit logging
  • Endpoint monitoring
  • Internal corporate governance & policies
  • Risk management processes
  • Regulatory oversight

SOC 2 has more than 200 of these requirements and mandates long-term policies and procedures to better secure customer information through tightened internal control.

Select Star has completed SOC 2 Type II audits in the Security, Confidentiality, and Availability criteria since May 2021. A SOC 2 Type II audit requires that all controls and systems be effective over a designated period of time, and hence the SOC 2 Type II audit report provides a guarantee that organizational practices are already in place to safeguard the privacy and security of all customer information.

The SOC 2 Type II audit report, the third-party pentest report, and a summary of technical and organizational security measures for Select Star are all available upon request under an MNDA.

Data Deletion Policy

All customer data will be deleted either upon request or automatically following a termination or cancellation of a Select Star account. It may take up to 10 business days to complete the deletion.

Select Star users with an admin role can also remove a Data Source in the Select Star application at any time. This will delete all of its metadata, query logs, and any user-created or Select Star-created metadata (i.e., description, comments, tags, popularity, lineage) from the Select Star application.

All customer data deletion is permanent. Once deleted, customer data cannot be restored.
