Trust Center

Start your security review
View & download sensitive information
Search items
ControlK

Overview

At Fivetran we know that data movement is your foundation for innovation, and are committed to providing robust security and privacy programs that protect your data as we would our own.

Our Trust Center is at the core of our many transparency efforts, and we hope you will find accessing our comprehensive security, privacy, and compliance documentation as easy as setting up your first Fivetran pipeline.

Compliance

CCPA Logo
CCPA
Cyber Essentials Logo
Cyber Essentials
GDPR Logo
GDPR
HITRUST Logo
HITRUST
ISO 27001:2022 Logo
ISO 27001:2022
PCI DSS v4.0.0 Logo
PCI DSS v4.0.0
SOC 1 Logo
SOC 1
SOC 2 Logo
SOC 2

All Reports, Documents, & Attestations

Featured Documents

COMPLIANCESOC 2
COMPLIANCEISO 27001:2022
SECURITYSecurity Whitepaper
COMPLIANCESOC 1
SECURITYPentest Report
SELF-ASSESSMENTSCAIQ
SELF-ASSESSMENTSSIG Core - Fivetran
INFORMATION SECURITY POLICIESFivetran Information Security and Acceptable Use Policy
DATA PRIVACYGlobal Records Retention Policy
LEGAL COMPLIANCECertificate of Insurance

Security

GxP Whitepaper
ISO 27001 Statement of Applicability
Pentest Report
View more

Self-Assessments

CAIQ
HECVAT Full
SIG Core - Fivetran
View more

Information Security Policies

Access Control Policy
Awareness and Training Policy
Configuration Management Policy
View more

Environmental, Social, and Governance

Anti-Modern Slavery
Code of Business Conduct and Ethics
Third Party Code of Conduct

Legal Compliance

Subprocessors
Certificate of Insurance
Data Processing Agreement
View more

Data Privacy

Changes in Applicable Data Protection Law Policy
Cookie Consent Policy
Data Protection Contractual Language Policy
View more

Security Grades

Qualys SSL Labs
fivetran.com
A+

Risk Management

Risk Management Policy (RA)
Supplier (Vendor) Risk Management Policy (SR)
Knowledge Base (FAQ)
    What is Fivetran's retention period for backups and what data is stored in backups?
    Please describe the company/user data you require to provide your service: personal information, financial data, confidential/sensitive data, etc.
    Does Fivetran encrypt data in transit and at rest?
    Does Fivetran have a Disaster Recovery Plan (DR) or a Business Continuity Plan (BCP)? How ofter are these plans tested?
    What is the process for changing personal data or DW and retention?
View more
Trust Center Updates

CVE-2021-35587

Copy link
Vulnerabilities
April 9, 2025

We are aware of recent reports regarding a potential security incident affecting Oracle Cloud, and our security team is actively monitoring the situation and analyzing any potential impact on Fivetran and our customers as new details emerge. We want to assure you that Fivetran does not utilize Oracle Cloud Infrastructure (OCI) in the delivery of our services; therefore, Fivetran services are not directly impacted by the reported event. If you utilize Fivetran to connect to or from Oracle Cloud, we echo Oracle's recommendation to review your Oracle Cloud credentials and consider rotating them as a precautionary measure. We are committed to the security of your data and will provide further updates as they become available.

CVE-2024-38526

Copy link
Vulnerabilities
July 8, 2024

As of today, to the best of our knowledge, Fivetran has patched the vulnerability noted in accordance with our vulnerability management policy and no impact to Fivetran has been detected. Additionally, no production subprocessor has issued any security bulletins to Fivetran in response to this vulnerability.

If you need help using this Trust Center, please contact us.
Contact support
Built onSafeBase by Drata Logo