Security & Trust

Built to deploy where your data lives.

VioGraph is designed for environments where data cannot leave the network perimeter — banks, healthcare, government. Here's our current security posture and our honest compliance roadmap.

Your data never leaves your VPC.

VioGraph is an in-place query engine. Credentials and data pages stay in your Kubernetes cluster. We operate the control plane you install; we never operate your data.

Current security posture

Data stays in your warehouse

VioGraph reads from Snowflake / BigQuery / Databricks / Starburst under your existing credentials. No data is copied, persisted, or sent to third parties. Graph instances are ephemeral — torn down when idle.

Deploy in your VPC

The entire control plane + compute pods run on your Kubernetes cluster (GKE, EKS, AKS, or on-prem OpenShift). Managed Cloud is opt-in; the default is fully self-hosted.

Encryption in transit & at rest

TLS 1.2+ on every network hop. Credentials stored via Kubernetes Secrets (Sealed Secrets / external-secrets supported). Control-plane Postgres encrypted at rest by cloud provider.

Credentials never touch our infrastructure

Warehouse credentials are written directly into your K8s namespace. The VioGraph team cannot read, decrypt, or exfiltrate them. Workload Identity supported for zero-secret deployments on GKE/EKS.

Role-based access control

Three built-in roles (analyst, admin, ops). JWT auth at the edge via oauth2-proxy — plugs into Okta, Azure AD, Google Workspace, Keycloak, and any OIDC provider.

Open source, auditable

The entire platform is Apache 2.0 on GitHub. Your security team can review every line before deployment. No closed-source binaries, no vendor black-boxes.

Compliance roadmap

We publish where we are — honestly. Certifications take time and money; here's the plan. For enterprise evaluations that need any of these today, talk to us — on-prem/VPC deployment lets most compliance asks be answered by your existing controls.

Standard | Status | Target
SOC 2 Type I | In scoping | Q3 2026
SOC 2 Type II | Planned | Q1 2027
ISO 27001 | Planned | 2027
GDPR / UK GDPR DPA | Template available on request | Today
Third-party penetration test | Vendor scoping | Q3 2026
HIPAA eligibility | On request (on-prem deployment) | Today

Responsible disclosure

If you believe you've found a security vulnerability, email [email protected] with details and steps to reproduce. We'll acknowledge within 72 hours and coordinate a fix timeline with you before any public disclosure.

Please do not open public GitHub issues for security reports.