Built on zero-trust
Your data is encrypted, ephemeral, and always under your control.
Encryption
TLS + AES-256
Secrets
Secret Manager
Retention
Zero-persist
Auth
Firebase + IAM
AES-256 encrypted at rest in Secret Manager
IAM-scoped — only pipeline SA can read
Excluded from all logs and error reports
Users can rotate credentials anytime via UI
SQL Server: TDS over TLS 1.2+ (Encrypt=yes)
API: HTTPS-only on Cloud Run (HTTP rejected)
GCP internal: mTLS between services
GCS staging: Google-managed AES-256 (CMEK available)
Staging files deleted after successful BigQuery load
7-day lifecycle policy as safety net
No secrets in Firestore — only metadata
Unique service account per tenant
BigQuery Data Editor + Job User only
User can revoke access anytime via IAM
Firebase Auth + Cloud Run IAM for APIs
Cloud NAT with static outbound IPs
Agent-based: outbound-only tunnels, no inbound ports
CORS restricted to Datantra origin
Rate limiting on sensitive endpoints
Config changes logged with user ID and diff
Pipeline runs tracked with rows/errors/timing
Secret Manager access via Cloud Audit Logs
API requests logged (no bodies for privacy)
Security at each stage
Source
TLS + Secret Manager
Processing
Ephemeral containers
Staging
AES-256 + auto-delete
Destination
Scoped SA + user IAM
Compliance checklist
All 12 controls passing Credentials never in plaintext
TLS 1.2+ for all connections
AES-256 encryption at rest
Per-tenant isolation
Zero-persistence staging
User-revocable access
Full audit logging
No data persisted on infra
Firebase + IAM auth
Rate limiting enabled
CORS restricted
Read-only source access