SingleStore Managed Service

Privacy

Privacy is becoming increasingly important when it comes to data processing and analysis. SingleStore is both GDPR and CCPA compliant and are sensitive to the privacy challenges our customers face. Below are some key questions and answers regarding data privacy as it relates to Managed Service. To receive additional information, or to pose a question not answered here, please contact privacy@singlestore.com.

Who has access to my data and is the access GDPR compliant?

Site Reliability Engineers (SREs) perform much of the infrastructure and engineering work to ensure that your database, and our Managed Service offering, remain operational. The responsibilities of this role are similar for all products like our Managed Service. Access is both strictly monitored and frequently reviewed. Access to end-user data for the purpose of maintenance or debugging is sometimes required, and you may request to be notified about these actions. Aside from this rare occurrence, SREs will never access end-user data housed within Managed Service.

Our Support team may also require access to your cluster and/or data to troubleshoot and remediate issues, but this action would be undertaken at your explicit request via support ticket. You may request to be notified about these actions as well.

This access is permitted under Article 32 of GDPR to maintain service continuity and the security and integrity of your data.

Do we need to change all our customer contracts if we start using SingleStore?

SingleStore is considered a “data processor” when customers use our Managed Service to house their data and that of their end-users. In accordance with GDPR Article 15(1), it is required to disclose "the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations." Under GDPR, while the customer, or data controller, must maintain a list of data processors, disclosing this list to customers is not required. Instead, customers only need to be made aware that data processors are used. If a contract already includes this stipulation, then no additional changes to the contract are required.