Interested in how Canva uses Dovetail?Watch here

Data security and privacy

We enable thousands of organizations to better understand their customers. Keeping your data private, secure, and compliant is fundamental to this effort.

We take regular data backups and test recovery, run penetration testing, encrypt all data at rest and in transit, conduct static code analysis and third party vulnerability scanning, sanitize our logs, secure individual customers at the database level, and many other cloud security techniques. We’re not in the business of selling your data (anonymized or otherwise). You own your data and we will never sell it to third parties. We also won’t look at your data unless you give us permission for a support case. Scroll down for information about specific security practices, and read our privacy policy, customer terms of service, list of third party data subprocessors, and GDPR commitment in our legal center.


Our security program

Dive deep into our comprehensive security policies and documentation.

Product security features
Infrastructure and network security
Data security and privacy
Business continuity and disaster recovery
Corporate security
Compliance

SOC 2 Type II

We have received our SOC 2 Type II report demonstrating that Dovetail has the appropriate controls in place to mitigate risks related to security, availability, and confidentiality.

More on SOC 2

GDPR-ready

Dovetail has made information security and data privacy foundational principles of everything we do, and we recognize the importance of adhering to regulations to advance information security and data privacy for citizens of the EU.

Our commitment

Security features

Features and processes in our product and day-to-day operations.

Login
OpenID-based SSO

Single sign-on support via OpenID Connect, available in leading identity providers.

Key
Encryption in transit & rest

All data is encrypted in transit via TLS 1.2 and at rest with AES-256 encryption.

Lock
Access control

Control who can manage, view, and edit projects with granular project permissions.

Realtime
JIT provisioning

Leverage domain-restricted sign up to provision user accounts as they need access.

Users
Managed users

Ability to provide and revoke access to roles, and manage active user sessions.

Globe
Domain allowlisting

Restrict user provisioning to verified email addresses at your approved domains.

Shield
SOC 2 Type II

Established mitigation of risks related to security, availability, and confidentiality.

European union
GDPR-ready

Dovetail adheres to the EU’s GDPR legislation on storage and deletion of user data.

Coming soon

A few of the security and privacy features we have planned.

Audit log

See an audit trail of all user actions in your workspace.

Data anonymization

Anonymize data as it’s uploaded to your workspace.

User roles

More granular user permissions.

See the roadmap
Start a 7 day free trial

Start free trial
A few of our customers

See more customers →
bcg
Figma
gitlab
glossier
nng
shopify
square
vmware
Product

AnalysisRepositoryPeopleEnterpriseZoom integrationLog inStatusPricing