Data Security @ Hex

Hex is built on industry-leading security and privacy standards that keep our customers' data secure while connecting, querying, analyzing, and sharing. Hex is committed to helping customers of all sizes meet their data protection and compliance requirements.

As evidence of this, we have obtained our SOC 2 Type II report, which attests to the effectiveness of our security controls and processes and to our adherence to them.

Visit trust.hex.tech for more detail on Hex's Security and Compliance posture.

Data Security is essential to our work

Hex has created a security-first company culture that begins at employee onboarding and expects accountability in our obligation to ensure customer data security and privacy protection. Employees are required to attend data security classes and adhere to policies required to maintain SOC 2 certification. Hex undergoes regular penetration testing and operates a private bug bounty program.

Your data, temporary by design, secure everywhere

With Hex, your analysis is powered by live queries against your database, and data applications are shared securely without ever giving access to underlying data. No more extracting data to notebooks, .csv and Excel files, proprietary third-party databases, or desktops. This is a distinguishing feature of Hex: minimizing data movement and restricting data access to a need-to-know basis.

Data in Hex projects is ephemeral by design, ensuring that your data is short-lived in the kernel memory. Hex's configurable caching layer gives full control over the query cost to your data warehouse without the sacrifice of storing data long-term.

Architecture

Hex's data workspace is built from the ground up with security in mind. Data warehouse credentials are stored securely in a vault, encrypted at rest. Hex queries your data warehouse to answer questions, returns the result to an isolated kernel, then optionally caches the result.

Workspace administrators control what users have access to, and can restrict access to databases and the ability to view or edit projects.

Product Access Controls

Hex supports SSO (Google Apps, Okta, and OIDC).

Hex's approach to data access is especially valuable for companies with GDPR or other privacy considerations and in sectors with specific security requirements.

Hex has a comprehensive control structure, which breaks down into three main categories:

  1. User Roles: limits what actions users can take within Hex, and also (if enabled) what role users are added to by default.
  2. Data Access: limits what data connections are shared with the organization. Access can be restricted to allow editors to only use provided database credentials or connections shared with them.
  3. Project Access: project owners can restrict permissions of collaborators, controlling access to underlying data, app logic, and the data app itself.

Deployment options

For customers who need to meet specific regulations or privacy considerations, Hex is deployable to a single-tenant model in a geographic region of your choosing (as long as it's supported by AWS), guaranteeing exclusive access to Hex resources.

Data Security Policy

What data does Hex store?

Hex uses AWS for data processing and storage. Data at-rest and in-transit are fully encrypted. Hex uses AES 256-bit encryption to secure data at-rest, such as database credentials, file uploads, and cached query results. Hex uses TLS v1.2 or newer to encrypt data in-transit, such as network traffic between Hex's servers and between Hex and users' browsers.

Internal Access Controls

Hex adheres to the principle of least privilege: the only personnel who can access your data are engineers and support staff that require access to perform their duties, and direct data access is only allowed in response to a customer issue. Customer Data access is logged.

Hex centrally manages internal identities via an identity provider (IdP), authentication via a single sign-on (SSO) platform where possible, and authorization via infrastructure-as-code (IaC) where applicable. Access to production systems and Customer Data is centralized, protected by multi-factor authentication (MFA), and any access control changes require multiple reviewers before being deployed.

Data Use

Our customers' data is their data. We don't sell, access, or use it for anything, ever, aside from improving our product and supporting users.

Application security

Hex utilizes software composition analysis (SCA) and static application security testing (SAST) to find vulnerabilities in first-party code and third-party dependencies. Pull Requests are automatically tested for breakage, vulnerabilities, and other code quality issues. Production code repositories use branch protections to require multiple reviewers before changes are deployed. Production changes are deployed via deployment pipelines. Hex engineers monitor a variety of system health metrics to ensure that the change has had no negative impacts on the system as a whole.

Support

For all customers, Hex provides technical support via email on weekdays from 9 am to 5 pm Pacific Time as a minimum. Support via Slack channel may also be provided upon request.