Trust Center

Minimal access.
Full transparency.

Your warehouse stays yours. Lighthouse retrieves only what your metric definitions require — nothing more.

"The warehouse remains customer-owned. Retrieval is limited to metric evaluation needs. Data residency stays in your control."

Least-Privilege Access

USAGE on schema for metadata discovery. SELECT on specific tables for metric execution. No WRITE or DML privileges — ever. Access revocable instantly.

Encryption End-to-End

TLS 1.2+ in transit. AES-256 at rest. All metric results and metadata stored securely in U.S.-based infrastructure.

Access Reviews & MFA

SSO via Google Workspace. MFA required for all privileged access. Quarterly access reviews and 24-hour offboarding window.

Audit Logging

Tracks authentication events, infrastructure and deployment activity, and metric execution telemetry. Incident response procedures in place.

SOC 2 in Progress

Formally progressing toward SOC 2 Type II certification. Aligned with SOC 2 Trust Services Criteria. PwC engaged as auditor.

Reliability

RTO: 24 hours. RPO: 24 hours. Business continuity and disaster recovery plan in place.

Data handling

Schema metadata discovery

Accesses table and view names, column names, data types, and schema structure. No row-level or cell-level records retrieved during this phase. Supports metric setup and autocomplete only.

Metric execution

Executes only customer-defined SQL. Returns only result sets from executed queries. Aggregated metrics return aggregates only. Does not replicate or crawl underlying raw datasets.

Data flow

Warehouse → read-only role → SQL execution
→ result sets → encrypted storage → UI display

Retention & residency

Data residency

All data processed and stored in the United States using U.S.-based infrastructure.

Active service

Metric results and metadata stored securely for history and UI display.

Offboarding

All retained data deleted within 30 days. Access revocation is instantaneous.

Subprocessors

Minimal U.S.-based infrastructure providers meeting SOC 2 or equivalent standards. Full list available upon request.

Questions about security?

We're happy to walk through our security posture, share policy documentation, or answer questions during your evaluation.