Trust and Security

MotherDuck’s production infrastructure is hosted on Amazon Web Services as our primary Infrastructure as a Service (IaaS) provider. In addition to AWS’s extensive list of security and privacy certifications, MotherDuck also implements and attests to its own set of policies and practices to secure your data. MotherDuck services run primarily as Kubernetes-controlled containers. MotherDuck’s policies and standards also govern the management of our container infrastructure.

MotherDuck contracts with industry-leading penetration testing providers to examine our production architecture at least once a year through scoped, formal testing.

The MotherDuck Software Development Life Cycle (SDLC) standard incorporates security practices throughout our platform’s planning, development, and release processes.

MotherDuck follows OWASP guidelines in our Security Development Lifecycle. MotherDuck's SDLC is audited by an independent third party and is attested to in our SOC 2 Type I report.