Questions about the security of Cloud-hosted Metabase

Get Help
1

Dear Metabase Team,

We have a locally hosted instance for Metabase. However, we are considering moving it to the cloud version hosted by Metabase.

To do that, I have to get it through our security process. Could you please help me with the following:

  • Does Metabase have ISO/IEC 27001 accreditation?
  • What is the process for getting the SOC 2 Type II report?
  • At what location does Metabase host the instance? Is it possible to host in the EU?
  • Does Metabase have documented and established organizational and technical measures to assure data privacy and protection?
  • Does Metabase have regular security testing by an independent company? Does Metabase participate in a bug bounty program?

Thank you in advance!

Andras

2

Hi! please go to We don’t want your data. where we answer all of these questions :slight_smile:

3

Hey Luiggi,

I did that and managed to answer about 70% of the questions except those I posted.

I did review it again, I've realized that security testing is there, but I am missing the rest.

Andras

4
  • Does Metabase have ISO/IEC 27001 accreditation? No
  • What is the process for getting the SOC 2 Type II report? It's on the SOC2 report (you need to comply with SOC2 and then maintain the controls during 1 year, all this is verified by independent auditors)
  • At what location does Metabase host the instance? US - East Coast Is it possible to host in the EU? Not yet
  • Does Metabase have documented and established organizational and technical measures to assure data privacy and protection? Yes, you can get the documents in trust.metabase.com
  • Does Metabase have regular security testing by an independent company? yes, it's a SOC2 control Does Metabase participate in a bug bounty program? No
5

Thank you @Luiggi!