Built for security
Data Governance Starts with Control
Stitch enables you to centralize your data into a single warehouse, where you can control who accesses it at a granular level.
We use industry-standard AES encryption to secure your data at rest, and the TLS protocol to secure it in transit.
Secure Connectivity to Your Data
Stitch offers secure options for making connections to your data sources and destinations, including SSH tunneling, SSL/TLS, and IP whitelisting.
A HIPAA-compliant ETL service
If your data includes PHI subject to Health Insurance Portability and Accountability Act (HIPAA) regulations, Stitch has you covered.
Secure, private, and compliant
Any organization that handles protected health information (PHI) needs to comply with HIPAA regulations – and part of that compliance includes ensuring any partners that handle PHI for you also comply.
We've worked with attorneys, security consultants, and health care policy experts to ensure HIPAA compliance. We provide safeguards for all PHI passing through our data pipeline.
Our systems are subject to constant monitoring and auditing to ensure we remain in compliance. Customers using Stitch with PHI and other HIPAA-regulated data must sign a Business Associate Agreement (BAA). For more information, see our white paper.Contact us to get started
- Encryption of data at rest
- Customer data is encrypted anytime it's written to disk using the AES-256 encryption algorithm.
- Encryption of data in transit
- Customer data is encrypted using TLS anytime it's sent across the network.
- Network zoning
- Machines handling HIPAA data are isolated from other parts of the infrastructure.
- Multifactor authentication
- Required to access parts of the infrastructure that process PHI.
- Access monitoring
- Access to data is logged and monitored for unauthorized or anomalous access.
The passage of the Global Data Protection Regulation (GDPR) is an important milestone in the evolution of data privacy.
Stitch also complies with many of the security tenets laid out in the GDPR, specifically those around security of processing, including appropriate technical and organizational measures.