Security

Overview

From development to delivery, SingleStore ensures that security is considered, designed, reviewed, and implemented so that the data of our customers, and their customers, is safeguarded as if it were our own.

SingleStore has built security into all its products, to those hosted by customers on their own infrastructure, to those SingleStore hosts on our customers’ behalf. Encryption, authentication, access, and monitoring are all things SingleStore is concerned with for you, so you can focus on the data and the value it can add.

Security Program

SingleStore has a holistic approach to information security combining a set of controls, both logical and administrative, that ensure the business meets both its compliance objectives and ensures the data of our customers is secure.

SingleStore employs a combination of internal audit and external third-parties to ensure that all controls, all elements of the product, our approach to disaster recovery, and business continuity are tested annually.

SingleStore believes in transparency, and all of our policies, audits, certifications, and details can be reviewed on our Security Profile.

Certifications

SingleStore has undergone an 18-month effort to transform the way the business approaches information security and data privacy. SingleStore has secured industry-leading security certifications including SOC 2 Type 2, and is also fully compliant to the requirements of HIPAA, CCPA, and GDPR.

SingleStore continues to mature its information security posture and is passionate about meeting the security and compliance requirements of our customers.

In this section

Last modified: January 22, 2025

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined
  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined
  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
    cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
    --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
    --bundle undefined \
    --new-bundle-format -
    Verified OK