How Keboola delivers Enterprise-Grade Security & Compliance

As data platforms become mission-critical, security can’t be bolted on later. This whitepaper explains how Keboola is architected, operated, and audited to meet the requirements of large enterprises, regulated industries, and security-first organizations.

What you’ll learn

• How Keboola isolates tenants, stacks, and workloads by design
• How data is encrypted, accessed, audited, and deleted
• Which deployment models support strict security and compliance requirements
• How Keboola maps to SOC 2, GDPR, and enterprise risk frameworks

Who this whitepaper is for

This whitepaper is written for teams responsible for enterprise risk, security, and compliance:

• IT Security & Compliance teams evaluating vendor risk
• CISOs & Risk Managers assessing cloud data platforms
• Data Platform Owners & Architects designing secure data stacks
• Data Engineering leaders operating production data pipelines

Why enterprise teams choose Keboola

Security built into the architecture

Keboola is built around independent stacks, strong tenancy boundaries, and a three-tier security architecture separating users, platform services, and customer data warehouses.

• Multi-tenant and single-tenant stacks
• Dedicated domains and isolation per stack
• Regional deployment to support data residency

Encryption everywhere

All customer data is protected at rest and in transit using industry-standard cryptography.

• AES-256 encryption at rest (AWS KMS)
• TLS 1.2+ for all data in transit
• Encrypted metadata and configuration stores

Controlled and auditable access

Enterprise security depends on visibility and least-privilege access.

• SAML 2.0 / OAuth 2.0 SSO
• Organization-level MFA enforcement
• Granular, time-limited API tokens
• Approval-based, fully audited support access

Secure-by-default data execution

All transformations run in isolated workspaces with explicit input/output mapping.

• No direct access to production storage
• Temporary, scoped credentials
• Automatic workspace cleanup after execution
• No undeclared data leakage

Built for compliance and audits

Keboola supports enterprise security programs with documented controls and independent assurance.

• SOC 2 Type II (annual audit, available under NDA)
• GDPR-aligned Data Processing Agreement
• Clear data retention and deletion commitments
• Public status page and operational transparency

The whitepaper maps Keboola capabilities to common enterprise security requirements such as isolation, encryption, access governance, auditability, and privacy controls.

What’s inside the whitepaper

• Security architecture and stack isolation
• Identity, access management, and support access governance
• Encryption standards and data lifecycle handling
• Secure development lifecycle and Git-based change control
• Inherited security from cloud and warehouse providers
• Enterprise readiness checklist for security assessments