Your data. Your account. Our compute.
DataLynxr's security model starts with a simple fact: your data never leaves your cloud account. Compute is DataLynxr's — storage is yours.
How the security model works
Your bucket, your keys
DataLynxr uses your cloud identity (AWS IAM role / GCP service account / ADLS managed identity) to read/write storage. Your bucket policy controls access. We never touch your encryption keys.
Encryption at rest and in transit
All data in your object storage is encrypted using your cloud provider's server-side encryption (SSE-S3, CMEK, or SSE-C). All traffic between DataLynxr compute and your storage uses TLS 1.3.
Role-based access control
DataLynxr supports RBAC at the workspace, catalog, and table level. Define which users or service accounts can query, stream to, or read features from specific tables.
Immutable audit log
Every read, write, and schema change is recorded in an append-only audit log delivered to your own object storage bucket. You own the audit trail — it can't be modified by DataLynxr.
VPC peering (Enterprise)
Enterprise plans support VPC peering and private link configurations so DataLynxr compute nodes communicate with your storage over your private network — no public internet path.
SSO / SAML
DataLynxr supports SAML 2.0-based SSO. Connect your identity provider (Okta, Azure AD, Google Workspace). JIT provisioning supported on Enterprise plans.
Security controls by plan
| Control | Developer | Team | Enterprise |
|---|---|---|---|
| TLS 1.3 in transit | |||
| Your-bucket encryption at rest | |||
| RBAC (workspace level) | |||
| RBAC (table level) | — | ||
| Immutable audit log to your bucket | — | ||
| SAML SSO | — | — | |
| VPC peering / private link | — | — | |
| SOC 2 controls alignment | — | — |
SOC 2 controls alignment means DataLynxr is designed with controls mapped to SOC 2 Trust Service Criteria. Enterprise contracts include a controls summary document. We are a bootstrapped company and have not completed a third-party SOC 2 audit.
Found a vulnerability?
We have a responsible disclosure policy. If you discover a security issue in DataLynxr's platform or infrastructure, please email us privately before public disclosure.
[email protected] — subject line: "Security Disclosure"
We respond within 2 business days. We do not offer a bug bounty at this time but we publicly credit responsible disclosures (with your permission).
Enterprise security questions?
Ryan talks to every enterprise team about security requirements before onboarding.