Application

  • Stitch’s web application uses encrypted communication, and maintains an A+ grade from Qualys SSL Labs. HSTS is used to ensure browsers always encrypt all communication with Stitch.
  • Stitch’s data source integrations use the minimum permissions that allow read access to necessary data, and can be configured by users to replicate only a subset of available data.
  • Stitch offers secure options for making connections to all data sources and destinations, including SSH tunneling, SSL/TLS, and IP whitelisting. Stitch exclusively uses HTTPS for web-based data sources.
  • Stitch provides direct access to logs from data source integrations for auditing, and sends notifications to users when error conditions are encountered.
  • Stitch only retains your data long enough to ensure it's moved successfully into your destinations.

Environment

  • Stitch’s servers are hosted in Amazon Web Services, which provides assurances for their physical and virtualized computing environments including SOC 1, 2, and 3, and ISO/IEC 27001.
  • Stitch operates within an Amazon Virtual Private Cloud (VPC), with subnets segregated by security level, and firewalls configured to restrict network access.
  • Stitch regularly performs automated vulnerability scans and installs security updates and patches.
  • Stitch’s application and environment are regularly audited by third-party security professionals conducting specialized penetration tests.

Data policies

  • Stitch classifies your data and credentials as our most critical assets. We strictly control access to data and credentials and require them to be encrypted using industry-standard methods both at rest and in transit within our environment.
  • Stitch educates employees about their role in keeping customer data safe, and mandates policies that protect your data.
  • Stitch monitors application, system, and data access logs within its production environment for anomalous behavior.
  • Stitch maintains documented policies and procedures for handling security incidents, which include timely notification to affected customers in case of a verified data breach.

SOC 2

Stitch has been certified compliant with the SOC 2 security, availability, and confidentiality principles by an independent auditor.

Documentation is available upon request by contacting us:

Contact us to get started

A HIPAA-compliant ETL service

If your data includes PHI subject to Health Insurance Portability and Accountability Act (HIPAA) regulations, Stitch has you covered.

We've worked with attorneys, security consultants, and health care policy experts to ensure HIPAA compliance as a business associate. Customers using Stitch with PHI and other HIPAA-regulated data must sign a Business Associate Agreement (BAA). For more information, see our white paper.


EU Data Privacy and GDPR

Stitch is in full compliance with the European Union's General Data Protection Regulation (GDPR).

The Stitch Terms of Use includes a Data Processing Addendum (DPA) that enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU. The Stitch Privacy Policy also includes specific GDPR requirements.
