Security & Data Protection
At Filament, we understand that your business data is your most valuable asset. Our platform is built from the ground up with security, privacy, and data isolation as fundamental principles.
Platform Architecture
Filament operates as a managed analytics platform that connects your business applications and synchronizes data to dedicated, isolated data warehouses. Our architecture ensures complete data separation between customers while providing powerful analytics capabilities.
Each organization receives a completely isolated PostgreSQL database provisioned in the region of your choosing. Your ELT pipelines run in secure, encrypted channels to synchronize data from connected applications. All dashboard access requires authentication through our secure web application.
Data Isolation & Regional Residency
Your data security starts with complete isolation. Every customer organization receives a dedicated PostgreSQL database that is completely separate from other customers.
You choose where your data lives. We provision your database in the region you select: US, EU, or Australia. Your data remains exclusively in your chosen region.
Authentication & Access Control
We implement enterprise-grade authentication with comprehensive support for email/password authentication, social sign-on providers (including Google, GitHub, Apple, and more), and advanced security features for seamless and secure access.
All API endpoints require authentication. Our authentication system provides robust session management with secure cookie handling, configurable session timeouts, and built-in protection against session fixation and CSRF attacks. The platform includes support for multi-factor authentication and rate limiting to protect against brute force attacks.
API & Integration Security
Every API endpoint enforces a three-step security model: authenticate the user, authorize access to the resource, and scope the operation to the correct organization. No endpoint can be reached without passing all three checks.
All server actions validate input through Zod schemas before processing. SQL queries are parameterised using Drizzle ORM and tagged template literals — never concatenated — eliminating SQL injection by design. Our architecture addresses the OWASP Top 10 through specific controls at each layer. Dependabot continuously monitors dependencies for vulnerabilities, with security-critical updates applied within 48 hours.
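The three checks and the parameterised tagged-template query described above, shown together as an added TypeScript example (not Filament's code). A hand-written validator stands in for a Zod schema and a minimal `sql` tag stands in for the ORM's; the session tokens, table and column names are all hypothetical.

```typescript
// Added example, not Filament's code: every name, token and column is hypothetical.
type Session = { userId: string; orgId: string; role: "admin" | "viewer" };
type Query = { text: string; values: unknown[] };
type Result =
  | { status: 200; query: Query }
  | { status: 400 | 401 | 403; error: string };

// Constructed session store standing in for a real session lookup.
const SESSIONS = new Map<string, Session>([
  ["tok-alice", { userId: "u1", orgId: "org-a", role: "admin" }],
  ["tok-bob", { userId: "u2", orgId: "org-b", role: "viewer" }],
]);

// Tagged template: each interpolated value becomes a $n bind parameter,
// so caller-supplied data never becomes part of the SQL text.
function sql(strings: TemplateStringsArray, ...values: unknown[]): Query {
  const text = strings.reduce((acc, part, i) => `${acc}$${i}${part}`);
  return { text, values };
}

// Stand-in for a Zod schema: accept only an object with a 1-64 character name.
function parseInput(raw: unknown): { name: string } | null {
  if (typeof raw !== "object" || raw === null) return null;
  const name = (raw as { name?: unknown }).name;
  if (typeof name !== "string" || name.length < 1 || name.length > 64) return null;
  return { name };
}

function renameDashboard(token: string | undefined, dashboardId: string, body: unknown): Result {
  // 1. Authenticate: no valid session, no further processing.
  const session = token ? SESSIONS.get(token) : undefined;
  if (!session) return { status: 401, error: "unauthenticated" };

  // 2. Authorize: only admins may rename (assumed rule for this example).
  if (session.role !== "admin") return { status: 403, error: "forbidden" };

  // Validate input before it reaches the query layer.
  const input = parseInput(body);
  if (!input) return { status: 400, error: "invalid input" };

  // 3. Scope: the organization id comes from the session, never from the
  // request, so a dashboard id from another tenant matches zero rows.
  const query = sql`UPDATE dashboards SET name = ${input.name} WHERE id = ${dashboardId} AND org_id = ${session.orgId}`;
  return { status: 200, query };
}
```

A name containing quotes, such as `O'Brien's board`, ends up in `values` while the SQL text carries only `$1`, `$2`, `$3`.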
Data Encryption
Your data is protected using industry-standard encryption at every stage of its lifecycle. All data transmissions use TLS 1.2+ encryption, including API calls, webhook payloads, and browser connections. Database encryption uses AES-256, with encrypted backups and secure key management. OAuth tokens and API keys are encrypted with AES-256-CBC before database storage.
Infrastructure Security
Our infrastructure is built on SOC 2 Type II certified providers. Vercel provides our compute layer with enterprise-grade DDoS protection, automatically mitigating L3, L4, and L7 attacks at the platform level. Neon powers our database infrastructure with automatic scaling that adapts to demand, ensuring consistent performance and availability.
Security patching and dependency updates are automated through our CI/CD pipeline with Dependabot continuously scanning for vulnerabilities. Real-time application monitoring tracks errors, performance metrics, and anomalies to detect potential security events before they impact operations.
Data Processing & Privacy
We follow data minimization principles, only collecting and processing what's necessary for providing our analytics services. Your data is used exclusively for generating insights and analytics — we never sell, share, or disclose it to third parties for marketing purposes.
Data deletion is available upon request following account termination. We support standard privacy rights including data access, rectification, and deletion requests.
Data Retention & Cancellation
When a subscription ends, your warehouse data is retained for 7 days after cancellation. During this period, you can request a full data export (SQL dump), which we will complete within 7 days. After the retention period, your database schema is dropped and backups are allowed to expire.
Platform user account data (profiles, settings, and authentication records) is retained for 30 days after account deletion, after which it is permanently removed.
AI Training & Data Usage
Your data remains yours alone. We do not use your data to train, improve, or develop AI models. Our AI providers, including Anthropic, do not train on your data when processed through our platform.
All AI interactions with your data are ephemeral and transient — queries and analytics remain completely isolated within your organization's context and are used solely to generate insights for your immediate business needs.
Operational Security
Code goes through security-focused review processes with automated dependency vulnerability scanning via Dependabot. Our CI/CD pipeline includes security audits on every push, and we maintain regular dependency updates. We follow the principle of least privilege with strong authentication requirements for administrative access. Critical operations are audit logged, and production access is strictly limited to essential personnel.
Backup & Disaster Recovery
We provide automated encrypted backups with point-in-time recovery capabilities. Our platform database maintains 7-day backup retention for all user configurations, dashboards, and metadata. Customer warehouse databases include configurable backup retention based on your plan tier, with point-in-time recovery capabilities. All backups are encrypted and stored across multiple availability zones for resilience.
Compliance & Standards
Our infrastructure is built on SOC 2 Type II certified hosting providers (Vercel and Neon), giving you confidence in our operational security controls. We've designed our architecture with privacy principles from the ground up, following OWASP security guidelines and modern security best practices.
We comply with the Australian Privacy Act 1988 and GDPR for EU data subjects. While we are not yet SOC 2 certified ourselves, we are actively aligning toward SOC 2 Type II and ISO 27001 certification. Our architecture leverages certified infrastructure providers and implements industry-standard security controls including encryption at rest and in transit, comprehensive audit logging, role-based access controls, and regular security reviews.
Your Security Responsibilities
Security is a shared responsibility. We recommend enabling multi-factor authentication for all users, regularly reviewing access permissions, using strong unique passwords, and monitoring account activity. Keep integration credentials secure and rotate them regularly. If you suspect any security issues, report them immediately.
Security Contact
For security inquiries, vulnerability reports, or to request our detailed security documentation, please contact our team at team@filamentanalytics.com. We aim to respond to security inquiries within 24 hours.
Last updated: March 2026. We regularly review and update our security practices to ensure your data remains protected against evolving threats.