CISOs & Security

Security & Compliance Without Compromise

Your data never leaves your VPC. Not during queries. Not during processing. Not ever. CMEK encryption, PrivateLink connectivity, immutable audit logs — security that's built in, not bolted on.

Run the Audit Script →View Sample Report →

THE PROBLEM

What You're Dealing With

Data Leaves Your VPC

Every query to a legacy warehouse sends your data over the internet to a vendor-controlled environment. You lose custody the moment the query fires.

Vendor-Managed Encryption

Legacy warehouses hold your encryption keys. You trust them not to access your data. You trust their employees. You trust their security posture.

Compliance is a Retrofit

Adding SOC 2, HIPAA, or GDPR controls to a multi-tenant SaaS warehouse means bolting security on after the fact. Audit logs are limited and vendor-controlled.

THE HATIDATA FIX

How HatiData Solves It

In-VPC Deployment

HatiData runs inside YOUR AWS VPC. Your data never crosses a network boundary. Your existing VPC security controls, NACLs, and security groups apply automatically.

Customer-Managed Encryption Keys (CMEK)

You create the KMS key. You control the rotation. You can revoke access instantly. We never see your encryption keys.

Immutable Audit Logs

Every query, every access, every schema change — logged to S3 with Object Lock. 7-year retention. Tamper-proof. Your auditors will love it.

SECURITY POSTURE

Enterprise-Grade by Default

In-VPC

Data never leaves your network

CMEK

Customer-managed encryption keys

PrivateLink

Zero public internet traversal

Immutable Audit

S3 Object Lock, 7yr retention

SOC 2

Type I in progress, Type II planned

RBAC

6 roles, column masking, RLS

Apache Iceberg

Open format, zero lock-in

dbt Native

Same models, same tests

Side-by-Side Comparison

FeatureLegacy WarehouseHatiData
Data LocationVendor's cloudYour VPC
Encryption KeysVendor-managedCustomer CMEK
NetworkInternet endpointsAWS PrivateLink
Audit LogsVendor-controlledImmutable (S3 Object Lock)
Data AccessVendor employees can accessZero vendor access
Compliance ScopeShared responsibilityYour VPC = your controls

CODE EXAMPLES

Drop-In Integration

# Deploy an ephemeral HatiData cluster for testing
hatidata deploy \
  --vpc-id vpc-0abc123 \
  --subnet-ids subnet-east-1a,subnet-east-1b \
  --kms-key-id arn:aws:kms:us-east-1:123:key/abc \
  --audit-bucket s3://my-audit-logs \
  --ttl 24h

# Cluster runs in YOUR VPC
# Encrypted with YOUR KMS key
# Audit logs in YOUR S3 bucket
# Auto-destroys after 24 hours
0

data egress (stays in your VPC)

0 yr

immutable audit log retention

0%

CMEK encryption coverage

Stop Paying the 60-Second Tax.

Run the free audit script. See what you're really spending. Switch in 14 days.

Run the Audit Script →View Sample Report →

EXPLORE MORE

Solutions for Every Team

Product Engineers

Embedded Analytics Without the Snowflake Bill

Your product embeds analytics, but every customer query spins a warehouse.

Learn more →
AI Engineers

The Data Layer for Autonomous AI Agents

AI agents fire hundreds of micro-queries — Snowflake bills each at a 60-second minimum.

Learn more →
Data Engineers

DataOps & CI/CD for the Modern Data Stack

Cloning a Snowflake DB for CI costs real credits. Every dbt PR run bleeds money.

Learn more →