Security

This document highlights the measures we take for security and our commitment to safeguarding information and ensuring the privacy and protection of our customer’s data. For any clarifications or concerns, please contact us at security@baselit.ai.

1. Not accessing your customer data, only the metadata

We do not access your customer data. To operate, we only need to analyze the usage patterns of your organization and the metadata to analyze your Snowflake spending.

Snowflake has a dedicated database named ‘snowflake’ where it maintains all the metadata related to the instance. Metadata includes information about the sizes of tables, the number of tables, SQL queries, etc.

This database is completely decoupled from your customer data. Even from the ‘snowflake’ database, we only need access to a very small number of tables.

This access is needed to analyze usage patterns and provide analytics of the spending for your Snowflake instance.

2. Creating a secure private space owned by you, with read-only access to Baselit

To share the above-mentioned metadata with Baselit in a secure way, we make use of a Snowflake share.

To put it simply, a share is a private secure space within your Snowflake instance owned by you and read-only access granted to us.

3. Granting minimal privileges

For Baselit to function, we create a new role that only has the following privileges:

Reading the data from the secure share mentioned above.

Managing warehouses - This is to perform optimizations in real time on warehouse parameters. Warehouse parameters refer to the configurations of a warehouse similar to any other system configuration.

4. Employee policies and gated access to the production environment

A very small subset of senior folks from our engineering team and your dedicated customer success manager have access to your metadata.

We make sure that all the development is done on synthetic data generated internally by our team.

5. Using AWS as a trusted platform

Our entire infrastructure is built on top of AWS to ensure that the underlying platform is resilient to security attacks.

6. Architecture diagram for Baselit

Here’s a quick diagram of our architecture highlighting the fact that we do not have access to any customer data and our commitment to security.

7. Snowflake Network policies for extra security

You can configure a network policy in Snowflake to allow only certain IP addresses to access your Snowflake instance. For a list of our IP addresses, please contact us at security@baselit.ai.

FAQs

Does Baselit access our customer data?

No, we do not have access to your customer data. We only need access to the metadata. Metadata includes information like total number of queries, size of tables, etc.

What cloud platform does Baselit run on?

We run on top of AWS as it has been tested for security over the years.

Who do I contact if I have a security concern?

We are available at security@baselit.ai.

What kind of employee policies do you have for access to our metadata?

A very small subset of senior folks from our engineering team and your dedicated customer success manager have access to your metadata.