// Trust & Security Report
MicroStrategy Inc.
Enterprise business intelligence, analytics, and AI platform. Core products include MicroStrategy Cloud (SaaS), MicroStrategy ONE (unified platform for enterprises), and Mosaic (universal semantic layer for governed AI). Supports 200+ data source connectors.
Certifications held
7
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on strategy.com“MicroStrategy AI applications support data privacy and confidentiality by not retaining any user data, with the platform configured to prevent data retention or usage for model training, ensuring GDPR compliance”
Verify on fedramp.gov“FedRAMP Certified as of 11/17/2022 at the Class C (Moderate) impact level (Rev5) for MicroStrategy Cloud for Government”
> Show 2 unconfirmed / not-held certifications
source: cloudsecurityalliance.orgCSA STAR Level 1 self-assessment from April 2022 is now marked as deprecated (not updated in >1 year), indicating no current active STAR certification maintained
No public evidence of ISO 42001 certification
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Multiple regions (AWS, Azure, Google Cloud across 36+ regions); product origin: United States
MicroStrategy explicitly states it does not use customer inputs, chat history, or communications to train MicroStrategy's or third-party AI models. Intelligent features do not store or retain conversation histories past the active user session. No data retention for model training.
// Security controls
Data Encryption in Transit
IPsec and/or SSL VPN gateways with industry-standard encryption algorithms (HTTPS/TLS)
www2.microstrategy.comData Encryption at Rest
AES-256 encryption leveraging native encryption tools and key management systems from public cloud providers. MicroStrategy Encryption Key Manager (EKM) creates and manages unique encryption keys for sensitive information.
www2.microstrategy.comVulnerability Management
Extensive vulnerability scanning and analysis across technology stack. Annual penetration tests by third-party security firms. Issues prioritized and resolved promptly.
www2.microstrategy.comAudit & Logging
Multi-layer encryption and blockchain-based audit trails for cloud services
strategy.comNetwork Security
Defense-in-depth strategy with robust network security, data encryption, and comprehensive access controls
www2.microstrategy.com// Products & data scope
data: Customer data stays within customer-controlled infrastructure; no training on customer data
Holds ISO 27001, SOC 2 Type II, HIPAA, PCI DSS, GDPR compliance, BSI C5. Supports multi-cloud deployment (AWS, Azure, Google Cloud)
data: Enterprise-grade unified platform combining analytics, BI, and AI capabilities
Consolidates multiple MicroStrategy capabilities into single platform
data: Unified semantic layer for governed AI and BI
Enables single source of truth for data consistency across systems
data: No customer data retention or usage for model training
Privacy-first design; does not retain conversation histories or use customer data for training
data: FedRAMP Certified (Moderate impact level)
Specialized for U.S. federal government agencies; authorized via Department of Health and Human Services
// What to watch
- CSA STAR certification is deprecated (last updated April 2022); vendor should refresh if continuing to claim STAR status
- Privacy Shield (mentioned in documentation) is no longer a valid compliance framework as of 2020; should be updated to Standard Contractual Clauses or Binding Corporate Rules for EU data transfers
- Evidence domain discrepancy: Evidence file references strategy.com (which is the current domain), but some documentation still references microstrategy.com. Both are valid domains for the same vendor.
- ISO 42001 (AI management) not held despite recent emphasis on AI governance; may be a gap given enterprise AI product line
// At a glance
Pricing model
Subscription (SaaS) and perpetual licenses; multi-tiered for different use cases
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on MicroStrategy Inc.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-07. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
www2.microstrategy.com