The automated data movement platform built on trust
Top-tier management of your most valuable asset — your data
Read our full privacy statement
Privacy by design and default
Data access is highly restricted
Data deletion requests
International and cross-border compliance
Data protection agreements
Do the right thing, even when it’s harder
Our leadership team is responsible for the day-to-day operations and execution of the company's strategy. They are committed to upholding the values outlined in our Code of Conduct and promoting a culture of integrity and accountability.
Our Employee Code of Business Conduct and Ethics sets forth our commitment to ethical behavior. All employees are expected to adhere to our code. Regular training and communication channels are established to ensure employees are aware of and understand our ethical standards.
Our Third Party Code of Conduct outlines the ethical and operational expectations we have for vendors, partners, contractors and other third parties when doing business with Fivetran to ensure alignment with our values and compliance standards. This code establishes a framework for responsible and transparent collaboration, promoting a shared commitment to ethical business practices.
Fivetran is committed to a work environment and supply chain that is free from human trafficking and slavery. Our Modern Slavery Statement outlines our position against forced labor or human trafficking.
Fivetran has an Anti-Bribery and Anti-Corruption Policy outlining guidelines implemented to prevent and combat bribery and corruption in its business activities. It establishes clear rules and procedures to ensure compliance with legal standards, fostering a culture of integrity and transparency throughout the organization.
All employees are trained on our business conduct and compliance policies. From the beginning, employees understand Fivetran’s commitment to compliance by being provided our Code of Conduct during onboarding. We also provide annual Code of Conduct training and targeted compliance training based on job responsibility and applicable risk.
Every member of the Fivetran organization understands the responsibility to raise concerns and report violations of Fivetran policy, the law and other misconduct. Employees, customers and partners are encouraged to report concerns related to ethics or compliance. Reports can be made through the AllVoices hotline. Fivetran does not tolerate retaliation against anyone who raises a concern in good faith.
Fivetran is dedicated to adhering to all applicable regulations, including those relating to international trade, embargoes, import-export controls and economic sanctions. Fivetran does not provide products to denied persons or in prohibited countries. Fivetran’s success comes from offering quality products — not from corrupt or illegal conduct.
Dedicated in-house security expertise
Chief information security officer
Data protection officer
Simply secure, comprehensive compliance
The SOC 1 Type II report is an independent assessment of our control environment performed by a third party. Service Organization Controls (SOC) 1 reports provide information about a service organization’s control environment that may be relevant to the customer's internal controls over financial reporting.
The ISO/IEC 27701 certification is an independent third-party assessment of our privacy information management system. It demonstrates that we have controls in place to protect personal data and support compliance with global privacy requirements.
The SOC 1 Type II report is an independent assessment of our control environment performed by a third party. Service Organization Controls (SOC) 1 reports provide information about a service organization’s control environment that may be relevant to the customer's internal controls over financial reporting.
Fivetran's SOC 1 Type II report is issued in accordance with the International Standard on Assurance Engagements (ISAE) 3402 (Assurance Reports on Controls at a Service Organization). The SOC 1 report covers the design and operating effectiveness of controls relevant to the Fivetran platform.
The SOC 2 Type II report is an independent assessment of our control environment performed by a third party.
The SOC 2 report is based on the AICPA’s Trust Services Criteria and is issued annually in accordance with the AICPA’s AT Section 101 — Attest Engagements. The SOC 2 report details the design and operating effectiveness of controls relevant to any system containing customer data as part of the Fivetran platform. The Fivetran SOC 2 report addresses the following Trust Services Criteria — Security, Availability, and Confidentiality.
Fivetran supports PCI DSS compliance Level 1. This environment undergoes annual assessment by Qualified Security Assessors (QSA's) against the current PCI DSS requirements.
HITRUST certification is widely considered the gold standard in satisfying HIPAA’s strict security requirements. HITRUST is a certification that is trusted and recommended by many health networks and hospitals to manage security and data risks. HITRUST Implemented, 1-year (i1) certified status demonstrates that the Fivetran platform is leveraging a set of curated controls to deliver a complete security program that broadly protects against current and emerging threats worldwide.
Cyber Essentials is a UK-government-backed scheme to help organizations protect against cyber-security threats by setting out baseline technical controls.
The Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR) Consensus Assessments Initiative Questionnaire (CAIQ) Self-Assessment consolidates current information regarding security risks and controls into one industry-standard questionnaire (CSA STAR CAIQ). Fivetran self-assesses against the CSA STAR CAIQ annually, providing our customers with an in-depth view of our control environment. This document provides Fivetran customers with an in-depth view of Fivetran's control environment.
The Standardized Information Gathering (SIG) questionnaire is an industry-standard compilation of questions used to assess information technology and data security across a broad spectrum of risk control areas. The SIG is issued by Shared Assessments, a global organization dedicated to third party risk assurance. Fivetran self-assesses against the SIG annually, providing our customers with an in-depth view of our control environment against a standardized set of inquiries.
We are certified under the EU-US Data Privacy Framework, the UK extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework.
In our potential role as data processor, we adhere to the principles of the EU94/95 privacy rules, as well the upcoming GDPR rules when they are in effect.
Get personalized answers to your trust and compliance questions
See how Fivetran can keep your data secure and confidential as you continue to innovate.
