Security and Compliance
Designed by security industry veterans, the Monte Carlo platform can meet stringent privacy and security standards.
Highlights
- Monte Carlo only extracts metadata, query logs and aggregated statistics into its cloud service. In particular, Monte Carlo can support a setup where no individual records or PII are ever taken out of your environment.
- Monte Carlo uses read-only access via APIs and/or dedicated service accounts and allows granular permissions to datasets of your choice.
- Monte Carlo's hybrid architecture allows you to run its collector on your own cloud infrastructure so you never have to expose any of your data warehouses, data lakes and BI tools to Monte Carlo's cloud.

Architecture overview
Compliance
- Monte Carlo will provide a SOC 2 Type 2 report upon request (Security, Availability and Confidentiality criteria).
- Monte Carlo will sign NDAs and/or DPAs where appropriate.
- Monte Carlo collects metadata, logs, and metrics for the purpose of identifying data reliability issues. However, we acknowledge that the service may collect and process personal data as part of query logs or through other data sampling search functionality that you initiate within the Monte Carlo platform. If any such data is passed to Monte Carlo, it is used for the sole purpose of identifying data reliability issues.
- This data is encrypted in transit and at rest, and is only stored on the Data Collector, which you have the option of hosting in your own environment.
Security and privacy practices
Monte Carlo's team implements industry best practices across the board to protect the security of its application, and the data privacy of its customers. The following are only some of the elements of our security program and system architecture:
- Monte Carlo will only collect metadata, logs, and metrics for the sole purpose of identifying data reliability issues. Your information will only be used to generate your own reports and will not be shared with any external parties.
- Processing is conducted on secure servers hosted on Amazon Web Services. All storage systems are encrypted, and all servers are tightly access controlled and audited. Data is encrypted in-transit at all times.
- In cases where debugging or maintenance work is required, a minimal number of engineers will be permitted to access the data necessary for this purpose. All engineers use encrypted laptops and are required to remove data from their devices when their debugging session is complete. Laptop security policies are enforced using MDM.
- Monte Carlo will access your environment from a single source IP dedicated to you, allowing you to protect access to your data resources at the network level.
- An annual penetration test is performed to validate Monte Carlo's posture and identify vulnerabilities. Our latest penetration test report was issued in February 2023.
- Monte Carlo's service runs on highly available and highly redundant cloud services, mostly on Amazon Web Services in the US East 1 region.
- Access to all critical systems and production environments is protected using strong passwords and multi-factor authentication. Where possible, SSO is used for centralized access control. Access is reviewed prior to being granted and then periodically thereafter.
Information Monte Carlo collects
The following information may be processed and stored by Monte Carlo:
Information | Details | Purpose | Stored on |
---|---|---|---|
Metadata | Names of tables, fields, field types, names and attributes of BI reports/dashboards and other such metadata. | Build a catalog of warehouse, lake and BI objects along with schema information. | Cloud service |
Metrics | Row counts, byte counts, last modification date and other similar table-level metrics | Track freshness, volume and other health metrics. | Cloud service |
Query logs | History of queries, as well as metadata about them (timestamp, user performing the query, errors if any, etc). | Track lineage, usage analytics and query history to help with troubleshooting and prevention use cases. | Cloud service |
Aggregated, anonymized statistics | Aggregated statistical measures of the data in selected tables, based on opt-in. Statistics may include null rates, distinct values, row counts, percentiles, and other similar metrics. | Track data health and corruption using ML-based anomaly detection as well as customer-provided rules. | Cloud service |
Troubleshooting data | A small sample of individual values or data records from the customer environment that are associated with a data reliability incident detected by Monte Carlo. | Help users quickly identify the nature of data issues and their root cause. | Data collector |
Updated 21 days ago