Trust & Security

Your data stays in your Snowflake.

Refyner connects to the Snowflake account you own. Your prep and scheduling run as pushdown inside your warehouse – the data is read, transformed, and written within your environment. Refyner orchestrates the work and stores configuration and metadata; it is not a copy of your data.

Data residency by design

Your raw business data stays inside your Snowflake. Refyner pushes work down to your warehouse rather than extracting data into ours.

Least-privilege access

Refyner connects with a scoped Snowflake role you control and can revoke at any time. You decide which databases and schemas are in scope.

Control plane only

Refyner stores dataflow definitions, schedules, run logs and metadata – the instructions, not your customers' records.

Our posture

Certifications & controls

Where Refyner's own application infrastructure is concerned, here's where we stand today and what's on the roadmap.

Cyber Essentials (UK)
Certified
Application hosting
Microsoft Azure · UK South
SOC 2 Type II
On roadmap
ISO 27001
On roadmap
Encryption in transit & at rest
TLS 1.2+ / AES-256
SSO / SAML
Available on paid tiers
Penetration testing
Annual, third-party
Backup & recovery
Daily, point-in-time
Availability commitment
On purchased SLA

Azure's certifications cover the underlying infrastructure only and don't substitute for Refyner's own controls. Specific certification target dates are confirmed during procurement.

AI assistance

How AI features handle your data

Refyner uses AI to help author and explain dataflows. We're deliberately transparent about what that involves, because we know it's the part a security review looks at hardest.

What is sent

  • Schema and structural metadata (table and column names, types)
  • Only the sample rows you explicitly approve, when you ask for AI help on specific data

Your full datasets are never sent to an external model.

Our commitments

  • Enterprise model provider under a no-training data processing agreement
  • Your data is not used to train third-party models
  • AI assistance can be disabled at the workspace level
Deployment choice

Cloud, or inside your own walls

Refyner Cloud

We host and run the Refyner control plane on Azure. Your data still stays in your Snowflake; only dataflow configuration and metadata sit with us.

Refyner Self-Hosted

The entire control plane deploys inside your own cloud or VPC. Nothing – including metadata – leaves your boundary. Suited to data-residency and compliance requirements.

Sub-processors

For Refyner Cloud, we rely on a small set of sub-processors to operate the service. Your warehouse data is not shared with them; they support the control plane only.

  • Microsoft Azure – application hosting (UK South)
  • Enterprise AI model provider – AI authoring assistance (schema + approved samples only)
  • Payment, email and error-monitoring providers – billing, transactional email, and reliability

A current list of sub-processors is available on request. Self-hosted deployments do not use Refyner-operated sub-processors for your data.

Reporting a vulnerability

If you believe you've found a security issue, please contact security@refyner.com. We'll acknowledge and work with you on a responsible disclosure.

Need our security questionnaire or DPA?

We keep a pre-filled security questionnaire and data processing agreement ready for review. Reach out and we'll send them over.