Twing Data

Metadata-Only Access

Twing Data operates with the principle of least privilege, requiring access only to your data warehouse metadata. This limited access approach means we avoid interacting with your actual data or sensitive information.

What We Access

The metadata we analyze includes:

• Table names and metrics
• Query text and associated metadata, such as the SQL statement and users who executed the query.
• Query performance metadata, such as execution time and query statistics.

How We Process Data

All metadata is securely stored in Twing Data's dedicated BigQuery account. We extract only the minimum subset of metadata required for our analysis and optimization services. Insights are generated and presented through our secure platform.

No Customer Data Access

We maintain a strict security boundary that prevents access to any customer data stored in your data warehouse. We do not have read or write access to any of the customer's data that is stored in your data warehouse. This access is tightly controlled during the onboarding process where customers create a new user with a limited set of permissions.

Twing Data System Architecture

The following is a diagram providing an overview of our system architecture. The key things to note are:

• A read-only user with limited permissions is created by the customer in their data warehouse. This user can only access the metadata database.
• Twing Data uses this user to access the metadata database and extract the metadata required for our analysis services.
• The metadata is stored in a dedicated BigQuery database and available via the Twing Data application.
• The customer's fetched metadata is deleted after 30 days. Note that the analysis remains available after 30 days.

• Where is Twing Data deployed?

  The Twing Data user facing application is deployed on fly.io. The metadata is stored in Google's BigQuery on top of Google's cloud infrastructure.

• How do you handle sensitive data within the query text?

  Glad you asked! If requested, we can redact the query text at ingestion time and replace it with a constant placeholder. This preserves the structure of the query text and allows us to analyze the pattern while removing any sensitive data.

• We have strict access controls on our data warehouse. Are you able to provide us an allowlist of IPs that need access to our infrastructure?

  Yes. We can provide you with an allowlist of IPs that will access your data warehouse. Please let us know during your onboarding process.

• What are the permissions of the user you access our data warehouse with?

  The user has only select permissions on the metadata database. This varies depending on the data warehouse. For more details, please refer to our integration docs.

• What is Twing Data's incident response and notification process?

  We maintain a comprehensive incident response plan with defined SLAs. In the event of a security incident affecting your metadata, we will notify your designated security contact within 24 hours and provide regular updates until resolution.

• How does Twing Data ensure secure development practices?

  We follow secure development lifecycle (SDLC) practices including code review requirements, automated security scanning, and regular penetration testing. All code changes go through multiple environments (development, staging, production) with appropriate approvals and testing at each stage.

• How can I contact Twing Data about security concerns?

  Please contact us at security@twingdata.com.