// Trust & Security Report

    DataRobot, Inc. logo

    DataRobot, Inc.

    Enterprise AI platform with modular products: Agentic AI, Generative AI, Predictive AI, AI Governance, AI Observability, and AI Foundation. Supports multiple deployment models (SaaS, on-premise, hybrid, multi-cloud).

    Certifications held

    4

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    ISO 27001
    HELD

    We are certified under ISO 27001, a globally recognized standard for an organization's Information Security Management System.

    Verify on datarobot.com
    SOC 2 Type II
    HELD

    We annually undergo an independent assessment of our cloud control environment.

    Verify on datarobot.com
    GDPR
    HELD

    DataRobot complies with international data privacy regulations, including GDPR, CCPA, CPRA, CPA, VCDPA, and the EU AI Act.

    Verify on datarobot.com
    HIPAA
    HELD

    DataRobot's HIPAA-compliant Single-Tenant SaaS offering is now available on AWS, Azure and GCP.

    Verify on datarobot.com
    > Show 4 unconfirmed / not-held certifications
    FedRAMP
    NOT CONFIRMED

    No public evidence of FedRAMP certification found on vendor domain.

    source: datarobot.com
    PCI DSS
    NOT CONFIRMED

    No public evidence of PCI DSS certification found; note: DataRobot's MSA prohibits SaaS customers from ingesting PCI data.

    source: datarobot.com
    ISO 42001 (AI Governance)
    NOT CONFIRMED

    No public evidence of ISO 42001 certification found on vendor domain.

    source: datarobot.com
    CSA STAR for AI
    NOT CONFIRMED

    No public evidence of CSA STAR for AI certification found on vendor domain.

    source: datarobot.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Global operations with US headquarters. Managed AI Cloud instance available in EU. No granular region-selection documented for standard SaaS deployment.

    DataRobot explicitly states: 'When using collected data for product development, we will always remove all personal data and Customer Data.' Customer data is not directly used for model training. However, note that DataRobot's MSA prohibits SaaS customers from importing financial data, PCI data, HIPAA-regulated data, SSN, driver's license numbers, sensitive personal data under GDPR, data of minors under 16, or GLBA/COPPA-regulated data.

    // Security controls

    Encryption in transit

    TLS 1.3 for all API communications; DNSSEC support; option to use custom certificate authorities

    datarobot.com

    Encryption at rest

    Encryption at rest available; option to use custom certificate authorities

    datarobot.com

    Authentication

    SAML-based SSO for enterprises; LDAP integration for Self-Managed; Multi-Factor Authentication (MFA) capabilities

    datarobot.com

    Access Control

    Role-based access control (RBAC) with customizable roles and granular sharing permissions for resources and data

    datarobot.com

    Penetration Testing

    Regular third-party penetration testing to identify and address vulnerabilities

    datarobot.com

    Audits

    Annual external audits and security assessments of production applications; governance, risk management, and compliance program in place

    datarobot.com

    // Products & data scope

    Agentic AI PlatformAI Agents

    data: Customer data for agent development; deployable on-premise, cloud, or hybrid

    End-to-end agent lifecycle support (build, operate, govern). Support for foundational, business (SAP co-developed), and purpose-built agents. HIPAA-compliant single-tenant SaaS available for healthcare.

    Generative AIGenerative AI

    data: LLM and generative capabilities; supports selection of LLMs and embeddings for customer use cases

    Component of unified platform; integrated with agent and prediction workflows

    Predictive AIPredictive Analytics

    data: Customer data for predictive modeling

    Legacy product; part of unified platform but earlier generation than Agentic AI focus

    AI GovernanceAI Governance & Compliance

    data: Monitoring and auditing of AI workflows; no direct customer data processing

    Compliance tracking, control definition, and automated audit documentation. Recognized in Gartner MarketScape for AI Governance.

    AI ObservabilityAI Monitoring

    data: Agent and model quality monitoring; real-time issue detection

    Production monitoring for safe and reliable agent performance

    AI FoundationInfrastructure

    data: Underlying platform infrastructure

    Core infrastructure for all DataRobot products; supports multiple deployment models

    // At a glance

    Pricing model

    Enterprise licensing; tiers not publicly detailed. Contact sales required. Pricing 5.0 (Classic MLOps) available for some products.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on DataRobot, Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    datarobot.com

    > Browse all vendor trust reports