Built & designed for data security and privacy

Customer trust and data security are central to everything we do at Weld, from the way we build our products to the way we think about our customers' data. Find out how we keep your data secure.
Certified by best-in-class auditors

Upholding industry-leading security standards

SOC 2 Type II
Weld is SOC 2 Type II compliant, meaning that the way we process and store client data is secure and protected, based on standards set by the AICPA.
ISO Certified
All Weld servers are ISO-certified and located in Frankfurt. Additionally, backups are stored in different locations.
SSL Secured
We secure our codebase, and SSL encryption further protects your data against a broad range of attacks.
Authentication
Using state-of-the-art authentication technology, we offer two-factor authentication and role-based access out of the box.

Best practices for developing secure software

Weld is built by a team of engineers with deep experience in building banking-grade security at Pleo, and we are committed to applying the same high standards at Weld as a data company.

This applies across Weld's operations, product, and development, which we have built with staging and production environments, encrypted credentials separated from code, and “infrastructure-as-code” that eases auditing and permits fine-grained access to cloud resources.

In addition, we always use 2-factor authentication and secure password generators internally.

Compliant with GDPR (& CCPA)

Weld is designed not to store any personally identifiable information during data synchronization. We recognize that it’s important to be compliant with modern data privacy practices, and we have no interest in either storing or profiling data, as we exist to move data, not store it. Please see our Data Processing Agreement and Privacy Policy.

Data encrypted in transit & at rest

Weld uses recent SSL and TLS versions for all connections between systems: from your browser to the Weld application, from our servers to your data warehouse or SaaS application, and internally between our own services and databases.

Our own core backend application is located in our HIPAA-compliant AWS deployment, where our servers are in a private subnet without connection to the Internet.

The data pipeline at Weld is fully encrypted in transit and at rest, using the in-memory data structure store Redis running our ephemeral workers. We therefore do not see the data we are moving.

Our authentication system, also fully encrypted, is handled by the enterprise-grade solution Auth0.

Built on top of the world’s most secure cloud infrastructure

Weld is running on top of Amazon Web Services (AWS). We host our servers in the European Union and only work with cloud providers whose datacenters are SOC 2 and ISO 27001 certified. These cloud providers guarantee a best-in-class state of the physical and network security of Weld’s servers and help us ensure that our server software is always up to date and protected from any newly-discovered threats.

Use the least privileges needed for handling data

Weld does not require super-user access to your data warehouse, and requests the fewest OAuth scopes needed for your SaaS applications in order to provide the Weld solution. We store secrets with enterprise-grade AWS Secrets Manager, which is both PCI and SOC 2 compliant.

For connection to data warehouses, we support an SSH connection in case the data warehouse is located in a private subnet.
You can find more information on our Privacy page.