Built so security review is short
TribeBlend is a desktop application. Your data stays in Databricks under your existing governance, so most of the questionnaire answers itself.
Compliance status
Where we stand today
We publish the real state of every control instead of a badge we have not earned.
SOC 2 Type II is in progress
We don't display a certification we haven't completed. Request our security package for the current SOC 2 status, penetration-test summary, and DPA.
- SOC 2 Type II: In progress (audit underway). Request our security package for current status.
- GDPR (EU): In place. Article 30 record published; DPA available on request.
- Encryption in transit: In place. TLS 1.2+ across every endpoint.
- Encryption at rest: In place. All stored personal data is encrypted at rest.
- MFA, SSO & SCIM: In place. TOTP MFA, SAML/OIDC SSO, and SCIM provisioning.
- Audit logging: In place. Security-relevant events are logged and retained.
Architecture
Where your data lives
Production data never leaves Databricks. The desktop app runs queries locally under the analyst's own permissions; our control plane only ever sees account and audit metadata.
System of record: your Databricks workspace
- Unity Catalog governs every permission
- Delta Lake stores production data
- SQL Warehouse runs production compute
Queries run under the analyst's Unity Catalog permissions. Results are cached locally; write-back is governed and conflict-reviewed.
Where work happens: analyst desktop (TribeBlend app)
- OAuth U2M signs in as the analyst
- On-device AI writes validated SQL
- Local DuckDB cache powers the grid
Only account, license, and audit metadata reaches our servers — never warehouse data, query results, or cell values.
Accounts, licensing, audit: TribeBlend control plane
- Authentication, seats, and SSO
- License activation via Keygen
- Security audit log (Cloudflare, Turso)
For the full control narrative and evaluation checklist, see the Trust Center.
Data handling
What the desktop app sends — and what it never does
Telemetry is opt-in. When it's on, only anonymized signals leave the device.
Opt-in telemetry sends:
- Anonymized usage events: which features are used and whether actions succeed; no document contents.
- Installation UUID: a random per-install identifier, not tied to a person or a Databricks identity.
- AI feedback hashes: hashed thumbs-up/down signals used to measure answer accuracy over time.
- Structural SQL patterns: the shape of generated queries (joins, functions), never literals, filters, or values.
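The structural-pattern item above is a data-minimisation rule, and a reviewer will want to know how a pattern can be produced and checked before it leaves the device. The Python below is an added illustration, not TribeBlend's own code: the token grammar, the `?` placeholder, the `safe_to_send` gate and the sample query are all assumptions made for the example.

```python
import re

# Token grammar for the SQL subset this illustration handles (an assumption,
# not a full SQL lexer). String literals come first in the alternation so
# digits inside quotes are never mistaken for numbers.
_TOKEN = re.compile(
    r"""(?P<str>'(?:[^']|'')*')           # 'text', with '' as an escaped quote
      | (?P<num>\b\d+(?:\.\d+)?\b)        # integer or decimal literal
      | (?P<word>[A-Za-z_][A-Za-z0-9_.]*) # keyword or (dotted) identifier
      | (?P<punct>[(),;*=<>!+\-/%])       # operators and punctuation
      | (?P<ws>\s+)""",
    re.VERBOSE,
)


def sql_shape(sql: str) -> tuple[str, list[str]]:
    """Replace every literal in `sql` with '?'. Returns (shape, removed literals)
    so the caller can verify nothing sensitive survived before sending."""
    out, literals, pos = [], [], 0
    while pos < len(sql):
        m = _TOKEN.match(sql, pos)
        if m is None:  # refuse to guess at anything the grammar does not cover
            raise ValueError(f"unrecognised SQL at offset {pos}: {sql[pos:pos + 10]!r}")
        pos = m.end()
        if m.lastgroup in ("str", "num"):
            literals.append(m.group())
            out.append("?")
        elif m.lastgroup == "ws":
            out.append(" ")  # layout is not part of the shape; collapse it
        else:
            out.append(m.group())
    return "".join(out).strip(), literals


def safe_to_send(shape: str, literals: list[str]) -> bool:
    """Gate before a shape is queued as telemetry: True only if no stripped
    literal value reappears in the shape as a whole token."""
    for lit in literals:
        value = lit[1:-1] if lit.startswith("'") else lit
        if value and re.search(rf"(?<![A-Za-z0-9_]){re.escape(value)}(?![A-Za-z0-9_])", shape):
            return False
    return True


if __name__ == "__main__":
    # Constructed sample query; table and column names are invented for the example.
    sample = ("SELECT c.name, SUM(o.amount) FROM customers c JOIN orders o ON c.id = o.customer_id "
              "WHERE c.region = 'EMEA' AND o.amount > 1000 GROUP BY c.name")
    shape, lits = sql_shape(sample)
    print(shape, lits, safe_to_send(shape, lits))
```

The second return value exists so the sending path can refuse to queue a pattern whenever the check fails, which is the property a reviewer should ask to see tested.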
Never leaves your environment:
- Warehouse data and cell values: row, column, and cell contents stay in Databricks and the local cache.
- Query results: result sets are computed locally and are never transmitted to TribeBlend.
- Credentials and tokens: OAuth tokens live in the OS keychain on the device and are never collected.
- Legal basis: consent, opt-in and switchable in the desktop app
- Retention: 365 days
- Processors: Cloudflare Workers, Turso (EU)
Sub-processors
Every vendor that can touch personal data
The full list, kept in sync with our GDPR Article 30 record. None of them process your Databricks warehouse data.
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Turso | Primary database (accounts, licensing, audit logs, telemetry) | Name, email, password hash, machine fingerprints, audit events | EU |
| Cloudflare Workers | Website and API hosting, telemetry ingestion | IP address, anonymized usage events | Global edge |
| Keygen.sh | Software license activation and validation | Email, organization, machine fingerprints, IP address | USA (SCCs) |
| HubSpot | Sales pipeline and customer relationship management | Name, email, company, job title, message | USA (SCCs) |
| Slack | Internal sales-lead notifications | Name, email, company, message | USA (SCCs) |
| Cal.com | Demo scheduling | Name, email, meeting details | USA (SCCs) |
| Resend | Transactional and marketing email delivery | Email, name | USA (SCCs) |
| Google Analytics | Website usage analysis (consent-gated) | Anonymized usage data, IP address | USA (SCCs) |
For security reviewers
Request the security package
Contact us and choose “Architecture / Security Review” for the current SOC 2 status, our penetration-test summary, the DPA, and a sub-processor list you can drop into your vendor review. To report a vulnerability, see security.txt.