Trust and Security
Keeping Your Data Safe and secure in the motherduck nest
Security
Protecting customer data is at the heart of our security and privacy program. We leverage a defense in-depth strategy, maintain operational security processes, and build customer trust through certified auditor attestations.
Cloud Security
MotherDuck’s production infrastructure is hosted on Amazon Web Services as our primary Infrastructure as a Service (IaaS) provider. In addition to AWS’s extensive list of security and privacy certifications, MotherDuck also implements and attests to its own set of policies and practices to secure your data.
MotherDuck services run primarily as Kubernetes-controlled containers. MotherDuck’s policies and standards also govern the management of our container infrastructure.
Penetration Testing
MotherDuck contracts with industry-leading penetration testing providers to examine our production architecture at least once a year through scoped, formal testing.
Secure SDLC
The MotherDuck Software Development Life Cycle (SDLC) standard incorporates security practices throughout our platform’s planning, development, and release processes.
Vulnerability Management
MotherDuck follows OWASP guidelines in our Security Development Lifecycle. MotherDuck's SDLC is audited by an independent third party and is attested to in our SOC 2 Type I report.
Reporting Vulnerabilities
If you’ve found a security vulnerability or have questions about MotherDuck’s security practices, please email us at security@motherduck.com.