Trust and Security

Keeping Your Data Safe and secure in the motherduck nest


Protecting customer data is at the heart of our security and privacy program. We leverage a defense in-depth strategy, maintain operational security processes, and build customer trust through certified auditor attestations.

Cloud Security

MotherDuck’s production infrastructure is hosted on Amazon Web Services as our primary Infrastructure as a Service (IaaS) provider. In addition to AWS’s extensive list of security and privacy certifications, MotherDuck also implements and attests to its own set of policies and practices to secure your data. MotherDuck services run primarily as Kubernetes-controlled containers. MotherDuck’s policies and standards also govern the management of our container infrastructure.

Penetration Testing

MotherDuck contracts with industry-leading penetration testing providers to examine our production architecture at least once a year through scoped, formal testing.

Secure SDLC

The MotherDuck Software Development Life Cycle (SDLC) standard incorporates security practices throughout our platform’s planning, development, and release processes.

Vulnerability Management

MotherDuck follows OWASP guidelines in our Security Development Lifecycle. MotherDuck's SDLC is audited by an independent third party and is attested to in our SOC 2 Type I report.

Reporting Vulnerabilities

If you’ve found a security vulnerability or have questions about MotherDuck’s security practices, please email us at