Built for security

Integration Infrastructure Icon

Data Governance Starts with Control

Stitch enables you to centralize your data into a single warehouse, where you can control who accesses it at a granular level.

End-to-end Encryption

We use industry-standard AES encryption to secure your data at rest, and the TLS protocol to secure it in transit.

Security Features Icon

Secure Connectivity to Your Data

Stitch offers secure options for making connections to your data sources and destinations, including SSH tunneling, SSL/TLS, and IP whitelisting.

A HIPAA-compliant ETL service

If your data includes PHI subject to Health Insurance Portability and Accountability Act (HIPAA) regulations, Stitch has you covered.

Secure, private, and compliant

Any organization that handles protected health information (PHI) needs to comply with HIPAA regulations – and part of that compliance includes ensuring any partners that handle PHI for you also comply.

We've worked with attorneys, security consultants, and health care policy experts to ensure HIPAA compliance. We provide safeguards for all PHI passing through our data pipeline.

Our systems are subject to constant monitoring and auditing to ensure we remain in compliance. Customers using Stitch with PHI and other HIPAA-regulated data must sign a Business Associate Agreement (BAA). For more information, see our white paper.

Contact us to get started
Encryption of data at rest
Customer data is encrypted anytime it's written to disk using the AES-256 encryption algorithm.
Encryption of data in transit
Customer data is encrypted using TLS anytime it's sent across the network.
Network zoning
Machines handling HIPAA data are isolated from other parts of the infrastructure.
Multifactor authentication
Required to access parts of the infrastructure that process PHI.
Access monitoring
Access to data is logged and monitored for unauthorized or anomalous access.
Contact us to get started

GDPR compliance

The passage of the Global Data Protection Regulation (GDPR) is an important milestone in the evolution of data privacy.

GDPR affects every business in the data community that has a presence in the EU or processes the personal data of European residents. Stitch is in full compliance with the present European data privacy laws that are in effect today and will be fully compliant when the GDPR rules go into effect on May 25, 2018. We’ll be implementing a Data Processing Addendum (DPA) in the Stitch Terms of Use that will enact standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU. We will also modify the Stitch Privacy Policy to include specific GDPR requirements and demonstrate compliance.

Right now, Stitch establishes a legal basis for transferring data on European citizens to a data processor outside the EU based on an adequacy decision from the European Commission. Stitch is a member of PrivacyShield, a certifying body that has been deemed to ensure an adequate level of protection by the Commission (section 8.5 Stitch Terms of Use).

Stitch also complies with many of the security tenets laid out in the GDPR, specifically those around security of processing, including appropriate technical and organizational measures.