Security

Alvin only uses metadata (like SQL text, query execution context, and lineage) to perform optimizations. Query response data is passed through without being observed by us. Alvin is certified SOC-2 which means our systems and policies are audited regularly.

In its current form, the proxy does nothing more than rewrite the SQL text on behalf of the user and forward the payload to the BigQuery API with the same credentials as the user. The proxy itself does not necessitate or store any credentials to operate.

Any user calling the proxy API will appear to the BigQuery API as exactly the same user with exactly the same permissions as if the user was calling the BigQuery API directly. No data from BigQuery results are ever exposed beyond the proxy boundary. Outside of this the proxy adheres to Alvin’s robust security procedures that follows from Alvin internal policies as well as SOC-2 Type 2 certification.