// Trust & Security Report

    Dataiku, Inc. logo

    Dataiku, Inc.

    Enterprise AI and machine learning platform with data science, MLOps, GenAI agents, and AI governance capabilities

    Certifications held

    9

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001:2022
    HELD

    Dataiku is ISO 27001:2022 certified, demonstrating that Dataiku has implemented and maintained an Information Security Management System (ISMS). The ISMS is the international gold standard of technical and administrative information security requirements involved in an organization's risk management process.

    Verify on dataiku.com
    ISO 27701:2019
    HELD

    Dataiku is ISO 27701:2019 (data processor & data controller) certified, demonstrating that Dataiku has implemented and maintained a Privacy Information Management System (PIMS) for its data processing activities.

    Verify on dataiku.com
    ISO 9001:2015
    HELD

    Dataiku is ISO 9001:2015 certified, demonstrating Dataiku's commitment to delivering high quality product, services and meeting the needs of customers and applicable statutory and regulatory requirements.

    Verify on dataiku.com
    SOC 2 Type II
    HELD

    Dataiku has completed SOC 1 Type II and SOC 2 Type II assessments to assure our customers that internal controls are in place to protect their data. It contains our auditor's evaluation of the design, implementation, and operating effectiveness of Dataiku's internal controls, based on the Internal Control over Financial Reporting (ICFR) or the AICPA Trust Services Principles and Criteria, respectively.

    Verify on dataiku.com
    SOC 1 Type II
    HELD

    Dataiku has completed SOC 1 Type II and SOC 2 Type II assessments to assure our customers that internal controls are in place to protect their data.

    Verify on dataiku.com
    HIPAA
    HELD

    To support the compliance programs for our Healthcare/ Life Sciences customers, Dataiku has voluntarily extended its Trust program to include a HIPAA (Health Insurance Portability and Accountability Act) compliance report. Our auditors provided their opinion on if the information security program implemented to support Dataiku Cloud conformed to the applicable implementation specifications within the HIPAA Security Rule, and the HITECH breach notification requirements, as described in HIPAA Part 164 of CFR 45.

    Verify on dataiku.com
    GxP
    HELD

    Dataiku is a GxP-compliant supplier with a number of healthcare and pharmaceutical clients. Dataiku is able to demonstrate to our clients it meets industry-leading practices of quality and security to adhere to our clients' Quality Management Systems (QMS).

    Verify on dataiku.com
    GDPR
    HELD

    Dataiku is compliant with global data protection regulations, such as the GDPR and the CCPA.

    Verify on dataiku.com
    CCPA
    HELD

    Dataiku is compliant with global data protection regulations, such as the GDPR and the CCPA.

    Verify on dataiku.com
    > Show 6 unconfirmed / not-held certifications
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found on Dataiku's trust center or any other vendor-domain page as of 2026-06-29.

    source: dataiku.com
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP authorization or listing found on Dataiku's trust center or the FedRAMP Marketplace as of 2026-06-29.

    source: dataiku.com
    ISO 27017
    NOT CONFIRMED

    No public evidence of ISO 27017 certification found on Dataiku's trust center or any vendor-domain page as of 2026-06-29.

    source: dataiku.com
    ISO 27018
    NOT CONFIRMED

    No public evidence of ISO 27018 certification found on Dataiku's trust center or any vendor-domain page as of 2026-06-29.

    source: dataiku.com
    CSA STAR
    NOT CONFIRMED

    No public evidence of CSA STAR certification or registration found on Dataiku's trust center or any vendor-domain page as of 2026-06-29.

    source: dataiku.com
    ISO/IEC 42001 (AI Management System)
    NOT CONFIRMED

    Dataiku offers an ISO 42001 Readiness Solution to help customers align to ISO 42001, but does not claim to hold the ISO 42001 certification itself. No public evidence of Dataiku holding this certification found on any vendor-domain page.

    source: knowledge.dataiku.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Customer-selectable region for Dataiku Cloud (SaaS). For self-managed deployments, all data remains in the customer's own cloud tenant or on-premises environment with no Dataiku access by default.

    Dataiku's privacy policy explicitly states: 'Unless you have given us your consent to do so, we will not use your data to train our models.' Customer data processed via AI Services (including by third-party sub-processors OpenAI and Azure OpenAI) is used only to deliver the service, analyze usage, and address errors. No customer data is used for AI model training without explicit consent.

    // Security controls

    Encryption in transit

    TLS/HTTPS enforced across all deployments; Let's Encrypt and custom certificate options supported for cloud deployments

    doc.dataiku.com

    Encryption at rest

    User secrets and passwords stored encrypted at rest; AWS KMS, Azure Key Vault, and Google Cloud Secret Manager integration for encryption key management

    doc.dataiku.com

    Cloud infrastructure

    Dataiku Cloud runs on AWS; customers can also deploy on their own AWS, Azure, or GCP environments via Cloud Stacks or on-premises

    dataiku.com

    Breach notification

    72-hour security incident notification commitment to customers per DPA

    dataiku.com

    Data access controls

    For self-managed deployments, Dataiku has no access to customer data by default. For Dataiku Cloud, access is limited to regular maintenance and requires explicit customer consent for data access.

    dataiku.com

    Sub-processors (AI Services)

    AI sub-processors include OpenAI and Azure OpenAI for Dataiku Cloud AI features. Other sub-processors include Auth0, Intercom, Freshworks, Snowflake. 30-day advance notice required before new sub-processors are added.

    dataiku.com

    Single-tenant option

    Dataiku Cloud is available as multi-tenant or single-tenant; single-tenant provides stronger isolation for enterprise clients

    dataiku.com

    Integrated Management System

    Dataiku operates an IMS unifying ISO 27001, ISO 27701, and ISO 9001 under a single endorsed management policy covering security, privacy, quality, and responsible AI

    dataiku.com

    // Products & data scope

    Dataiku DSS (Self-Managed)AI/ML Platform

    data: No customer data processed or stored by Dataiku. Installed in customer cloud tenant or on-premises. Dataiku does not access customer data without explicit consent.

    Deployable on-premises or on customer-owned cloud (AWS, Azure, GCP) via Cloud Stacks. Full customer data sovereignty. Certifications reflect Dataiku's organizational posture; customer is responsible for their own infrastructure controls.

    Dataiku Cloud (SaaS)AI/ML Platform (SaaS)

    data: Customer data processed and stored in Dataiku-managed AWS infrastructure. Customer selects their data region. Dataiku acts as data processor; customer remains data controller.

    Available as multi-tenant or single-tenant. Covered by SOC 2 Type II, ISO 27001:2022, ISO 27701:2019, and HIPAA compliance reports. DPA available at https://www.dataiku.com/legal/dataiku-cloud/data-processing-addendum/. EU Data Act Addendum available. AI Services route data through OpenAI and Azure OpenAI sub-processors.

    // What to watch

    • HIPAA is a voluntary compliance report (auditor opinion) rather than a formal certification program; report available only via account representative.
    • SOC 1 and SOC 2 reports are not publicly downloadable; available only via account representative.
    • AI Services in Dataiku Cloud route customer data through third-party sub-processors OpenAI and Azure OpenAI; customers should review these providers' data handling policies.
    • No public evidence of FedRAMP authorization; not listed in FedRAMP Marketplace as of 2026-06-29.
    • No public evidence of PCI DSS, ISO 27017, ISO 27018, or CSA STAR certification.
    • ISO 42001 not held by Dataiku; Dataiku offers an ISO 42001 readiness solution for customers but does not claim the certification itself.
    • EU Data Act Addendum available, indicating proactive alignment with emerging EU data regulations.
    • GxP compliance is vendor-asserted per trust page; formal GxP audit reports available via account representative for qualified healthcare/pharma clients.

    // At a glance

    Pricing model

    Enterprise license for self-managed; SaaS subscription for Dataiku Cloud. Contact sales for pricing. No public pricing published.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Dataiku, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-29. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    dataiku.com

    > Browse all vendor trust reports