Compliance Center

Enterprise compliance you can trust

Squish is built with data protection at its core. We are committed to meeting the compliance requirements of enterprise organizations worldwide.

Compliance Framework

Our platform implements controls aligned with industry standards and regulations.

Data Residency

Control where your data is processed and stored.

  • Primary infrastructure hosted in the US (us-central1)
  • All data processing occurs within Google Cloud Platform
  • No data transfer to third-party processors without consent
  • Enterprise customers can discuss specific residency requirements

Access Controls

Granular permissions ensure only authorized users access your data.

  • Role-based access control (Admin, Member)
  • Organization-level data isolation
  • Session management with automatic timeout
  • All access attempts logged for audit
  • Secure invitation-based user provisioning

Audit Logging

Comprehensive logging for compliance and security investigations.

  • User authentication and session events
  • Connection creation, modification, and deletion
  • Discovery job execution and results access
  • Configuration and settings changes
  • Logs retained per compliance requirements

Privacy Controls

User data protection and privacy best practices.

  • Account data deletion available upon request
  • Clear privacy notices and data handling policies
  • User consent mechanisms for data collection
  • Secure data handling throughout the platform
  • Privacy inquiries handled promptly

Data Handling Practices

Understanding exactly what data we access and how we handle it.

What We Access

  • Database schema metadata (table names, column names, data types)
  • Statistical samples for relationship analysis (row counts, cardinality)
  • Foreign key constraints and index definitions

What We Never Access

  • Actual row data or business content
  • Personally identifiable information (PII)
  • Sensitive financial or health records
  • Production data beyond metadata sampling

Data Retention

  • Discovery results stored until deleted by user
  • Connection credentials encrypted and stored securely
  • Audit logs retained per compliance requirements
  • Account data deleted upon account termination request

Certification Roadmap

Our ongoing commitment to third-party validation of our security practices.

In Progress

SOC 2 Type II

Currently working toward certification with expected completion in 2025.

Planned

ISO 27001

Information security management certification on our roadmap.

Under Evaluation

HIPAA

Evaluating requirements for healthcare industry customers.

Need Compliance Documentation?

Enterprise customers can request Data Processing Agreements (DPA), security questionnaire responses, and compliance documentation. Our team is available to support your vendor assessment process.

Questions about compliance?

Our team is ready to discuss your specific compliance requirements and how Squish can meet your organization's needs.