Slateo Security

Security that Accelerates Data

SOC 2 Type II

HIPAA

GDPR

Sub-processors	AWS / GCP (storage & orchestration); OpenAI / Anthropic / Google Vertex AI Full list in our Trust Center →
DPA & Security Questionnaire
Trust Center	trust.slateo.ai

Security Principles

Minimize Data Movement

Queries run directly in your warehouse, with traffic routed over private links or VPC wherever possible. Raw data is never ingested into a central store.

Isolate the Data Plane

Components that touch data sit behind their own boundary, away from UI/API. Humans fetch results via presigned, time-bound URLs; agents and services use short-lived federated identities instead of static credentials.

Delegate Authorization

Your identity provider or warehouse remains the single source of truth. Policies like row-level security apply at the source, with least-privilege access enforced throughout.

Custom Control & Transparency

Choose deployment style, bring your own keys, configure retention settings. Full visibility into how your data is processed and stored.

Security Architecture

Three-tier isolation model ensuring your data never leaves your control

Customer Data Plane

Slateo UI/API Control Plane

Slateo Containerized Data Plane

Browser

User

Identity Provider

SSO / SAML / OIDC

Data Warehouse

Cache Bucket

org-namespaced

App DB

org-isolated

API Server

Workflow Orchestrator

Workflow Worker

AI Agent

Customer Data Plane

Your browser, identity provider, and data warehouse remain under your complete control. All authentication and authorization policies are enforced at the source.

UI/API Control Plane

Multi-tenant API server handles workflow orchestration and metadata management. Never touches raw data - only coordinates secure operations.

Containerized Data Plane

Isolated workers with encrypted DB credentials execute queries in your warehouse. AI agents process results in ephemeral, secure containers.

Data Flow

Execute

Workers run queries via your service or user identity. Warehouse policies (e.g. row-level security) are enforced at source.

Cache

Results and metadata (output schema, row count, timestamps) are stored in org-scoped storage and encrypted at rest.

Deliver

Browser downloads results via presigned, time-bound links over TLS. The API never proxies raw result rows.

Clean-up

Temporary artifacts are cleared; caches can be invalidated or purged; retention defaults are provided with admin control.

Security & Privacy Controls

Encryption: TLS enforced in transit; AES 256-bit encrypted at rest.

Authorization & access: SSO/SAML/OIDC, workload identities, impersonation where supported. Least privilege enforced; audit trails for all key operations.

AI & third-party privacy: Your data is used only to improve your team's experience and knowledge. We never commingle data across customers, never train models with your data, and only work with trusted, reliable partners. Full details and sub-processor disclosures are available in the Trust Center.

Deployment Options

Cloud Default

Multi-tenant control plane
Isolated data plane
Org-scoped storage

Private Deployment

Bring your own infrastructure
VPC/PrivateLink options
Full control over network & environment
Support for AWS and GCP

Frequently Asked Questions

No. Query execution happens entirely in your warehouse. We cache results in customer-scoped encrypted blob storage, but the API never proxies raw rows. Results are delivered to browser clients via presigned, time-bound URLs. For agentic AI and background processing tasks, data is accessed by isolated workers over internal VPC using federated workload identities.

Security without compromise

View Trust Center

Slateo Security

Security that Accelerates Data

SOC 2 Type II

HIPAA

GDPR

Sub-processors	AWS / GCP (storage & orchestration); OpenAI / Anthropic / Google Vertex AI Full list in our Trust Center →
DPA & Security Questionnaire
Trust Center	trust.slateo.ai

Security Principles

Minimize Data Movement

Queries run directly in your warehouse, with traffic routed over private links or VPC wherever possible. Raw data is never ingested into a central store.

Isolate the Data Plane

Delegate Authorization

Your identity provider or warehouse remains the single source of truth. Policies like row-level security apply at the source, with least-privilege access enforced throughout.

Custom Control & Transparency

Choose deployment style, bring your own keys, configure retention settings. Full visibility into how your data is processed and stored.

Security Architecture

Three-tier isolation model ensuring your data never leaves your control

Customer Data Plane

Slateo UI/API Control Plane

Slateo Containerized Data Plane

Browser

User

Identity Provider

SSO / SAML / OIDC

Data Warehouse

Cache Bucket

org-namespaced

App DB

org-isolated

API Server

Workflow Orchestrator

Workflow Worker

AI Agent

Customer Data Plane

Your browser, identity provider, and data warehouse remain under your complete control. All authentication and authorization policies are enforced at the source.

UI/API Control Plane

Multi-tenant API server handles workflow orchestration and metadata management. Never touches raw data - only coordinates secure operations.

Containerized Data Plane

Isolated workers with encrypted DB credentials execute queries in your warehouse. AI agents process results in ephemeral, secure containers.

Data Flow

Execute

Workers run queries via your service or user identity. Warehouse policies (e.g. row-level security) are enforced at source.

Cache

Results and metadata (output schema, row count, timestamps) are stored in org-scoped storage and encrypted at rest.

Deliver

Browser downloads results via presigned, time-bound links over TLS. The API never proxies raw result rows.

Clean-up

Temporary artifacts are cleared; caches can be invalidated or purged; retention defaults are provided with admin control.

Security & Privacy Controls

Encryption: TLS enforced in transit; AES 256-bit encrypted at rest.

Authorization & access: SSO/SAML/OIDC, workload identities, impersonation where supported. Least privilege enforced; audit trails for all key operations.

Security that Accelerates Data

Security Principles

Minimize Data Movement

Isolate the Data Plane

Delegate Authorization

Custom Control & Transparency

Security Architecture

Customer Data Plane

UI/API Control Plane

Containerized Data Plane

Data Flow

Execute

Cache

Deliver

Clean-up

Security & Privacy Controls

Deployment Options

Cloud Default

Private Deployment

Frequently Asked Questions

Do you copy our warehouse data?

How are permissions enforced? Do you support row-level security or impersonation?

Can we ensure data privacy with AI features?

What if we need full isolation / private deployment?

Where can I access your SOC 2 report?

Security without compromise

Security that Accelerates Data

Security Principles

Minimize Data Movement

Isolate the Data Plane

Delegate Authorization

Custom Control & Transparency

Security Architecture

Customer Data Plane

UI/API Control Plane

Containerized Data Plane

Data Flow

Execute

Cache

Deliver

Clean-up

Security & Privacy Controls

Deployment Options

Cloud Default

Private Deployment

Frequently Asked Questions

Do you copy our warehouse data?

How are permissions enforced? Do you support row-level security or impersonation?

Can we ensure data privacy with AI features?

What if we need full isolation / private deployment?

Where can I access your SOC 2 report?

Security without compromise