Matillion Security

At Matillion we are Customer Obsessed, we Do Business with Integrity, and We Care, as part of our Core Values. Therefore, the security of our customers’ data is extremely important to us. We are committed to investing in technology, people, and processes that ensure our offerings are safe, secure, and private.

We use the NIST framework to ensure that we maintain the confidentiality, integrity, and availability of our customer and employee data.


Security Certifications

We demonstrate our commitment to security by applying industry standards and regulation across all of our processes and products.

SOC2 Type II

Matillion has undergone a full, external audit in line with the AICPA’s SOC2 certification framework. This framework assesses the security controls applied to our whole business to signal the importance of security to our customers. You can request a copy of our report here.

HIPAA

Matillion complies with HIPAA requirements for Protected Health Information (PHI) and will sign an appropriate Business Associate Agreement (BAA) with customers who are subject to HIPAA.

CSA STAR

Matillion has completed the Consensus Assessments Initiative Questionnaire (CAIQ) to document compliance with the Cloud Controls Matrix (CCM). This is a transparent document providing customer visibility into specific provider security practices.

Cyber Essentials

Matillion has been awarded the Cyber Essentials certification. This certification is a UK Government-backed scheme that aims to address the foundational and baseline controls needed to prevent the most common cyber attacks.

GDPR

Matillion complies with all obligations under the European Union’s General Data Protection Regulation (GDPR) and DPA2018. Our privacy policy can be found here.

CCPA

Whilst we do not store or process much personal information of our customers, Matillion still complies with all obligations under the California Citizens Privacy Act. More about our approach to privacy can be read here.

Our Security program

The safety of your data is of paramount importance to Matillion. We aim to be transparent in how your data is handled and how we comply with industry security standards so that you can use Matillion Data Loader and Matillion ETL with confidence.

Matillion conducts recurring risk assessments in order to drive our security program, both across our enterprise and within our product and service offering. We accept that no product, person, or process is ever complete, and strive to innovate while demanding quality within our security program. Our overall program has been assessed against SOC2 Type II by an independent, third-party auditor.

  • Security operations

    Matillion has a dedicated, experienced Information Security team that conducts automated monitoring of its estate on a 24x7x365 basis. We combine this monitoring with regular vulnerability scanning and manual audit / penetration testing.

  • Physical security

    Matillion is a cloud-native organization. All of our servers providing service offerings are hosted in AWS Data Centers. These facilities feature 24-hour manned security, biometric access control, video surveillance, and physical locks. The co-location facilities are powered by redundant power, each with UPS and backup generators.

  • Network security

    Our networks are protected by AWS technologies to prevent intrusion, monitor for malicious traffic, and alert against network-based attacks. Security events are collated in our logging and analysis systems.

  • Transmission security

    Transmissions between customers and Matillion-hosted services are encrypted by default using TLS. This ensures that traffic between your organization and Matillion remains encrypted in transit, protecting you against eavesdropping attacks.

  • Application security

    Matillion’s applications are developed using a Secure Software Development Life Cycle which includes secure coding, code assessments through static and dependency analysis, and testing checks for functional security controls.

  • Privacy

    Matillion complies with privacy legislation applicable based upon the subject and locale. You can read more information regarding our privacy policy here.

Our products

Matillion builds its products in line with a Secure Software Development Life Cycle. This process ensures that security is part of every stage of development, from design to testing and deployment.

Our products feature the following security features:

  • Role-based application security with flexible single sign-on
  • Transmission security using up-to-date algorithms
  • Data encryption
  • Regular updates rolled out to all customers

Matillion ETL

Matillion does not have access to your data within a Matillion ETL deployment* so you have full control of your security posture. Matillion ETL is deployed as a virtual machine image within the customer’s cloud data warehouse. Therefore, it is within the scope of a customer’s security policy, reducing dependencies on third-party services.

*Matillion may collect anonymous telemetry data on product usage, which is sent back to our team for product improvement.

Matillion Data Loader

Matillion Data Loader is a SaaS platform, and as such is governed by security controls set by Matillion. Data within Matillion Data Loader is segregated from other platform users – data is short-lived as it transitions from data sources through a customer-owned staging area and subsequently into the customer’s target data warehouse. All communication is conducted over SSL. You can read more about Matillion Data Loader security here.

Frequently Asked Questions

  • Do you process personal information?

    • Matillion does not process your personal information. The Matillion ETL solution is capable of processing personal information if you associate a data source containing personal information with it. In this case the application will already be running in your environment, and data will be moved between your data sources and target data warehouse.

  • Do you connect to our corporate network?

    • Matillion ETL is deployed within your VPC; there is no connection between Matillion ETL and Matillion’s network.

  • Is any data passed between ourselves and Matillion?

    • No client data is passed back to, or stored by, Matillion. The only exception to this statement is telemetry and billing metadata for delivery of our service.

  • How is the Matillion ETL updated?

    • The product is updated directly from repositories maintained by Matillion. Releases are pushed to the repositories approximately every 8 weeks, although emergency releases can be pushed outside of this cadence. It is up to the client to run the update procedure should they wish to update.

Have you found a security issue with Matillion? Please report it to us so that we can assess and make any required fixes to our product or service.

Security issues may come in all shapes and sizes. If you have issues of any kind, we want to hear from you. We ask that you don’t try to actively exploit any issues, but instead work with us in a considered manner to address them.

If reporting a sensitive issue, you can encrypt your message using our team’s GPG Key.

If you would like to engage further in researching security issues with Matillion, please get in touch.

Note – While we appreciate your work, we do not currently have a paid bug bounty program.

Report a security issue

Request a Security Report

We would love to share more. If you would like to request a report, please click the button below and complete the NDA.

Request Report
