Security & Trust

Security starts with not having your data

The strongest security control is the data you never collect. Because CrossRow generates synthetic data, there is far less of your sensitive information in our systems to begin with. Here is how we handle what remains.

Most data tools ask you to hand over a copy of production, and then spend their security page reassuring you about how carefully they guard it. CrossRow is built the other way around. You describe the shape of the data you want; we generate it. Your real customers, transactions, and records never need to enter our systems. That is the foundation everything below sits on.

What we do, and do not, hold

Infrastructure

CrossRow runs entirely on Amazon Web Services in the United States. We use managed AWS services for storage (S3), authentication (Cognito), compute, and content delivery, and we inherit the physical and network security of that platform. Traffic to and from the Service is encrypted in transit with TLS, and data at rest is stored on AWS-encrypted storage.

How language models are used

CrossRow uses language models from OpenAI and Anthropic to plan generation and score quality. Only what is needed for those tasks is sent: your schema descriptions and small samples of generated data, which describe the shape of data you want rather than your real records. These providers process API inputs to return a result and, under their standard API terms, do not use that content to train their models. We also do not use your schemas or generated data to train any model of our own.

Access and isolation

Access to the Service requires authentication, and your data is scoped to your account and team. Internally, access to production systems is limited to what is necessary to operate and support the Service.

Data deletion and control

You can delete your generated datasets and your account from within the application. When you do, the associated content is removed from active systems, subject to routine backups that expire on a rolling basis. See our Privacy Policy for the full detail on what we collect and your rights over it.

Reporting a vulnerability

If you believe you have found a security issue, we want to hear about it. Please reach us through our contact form with the details, and we will respond promptly. We ask that you give us a reasonable opportunity to address an issue before disclosing it publicly.

Compliance and enterprise review. CrossRow is a young product, and we are candid about that: we are not going to claim certifications we do not hold. What we will do is work with your security and compliance teams on your specific requirements, walk through our architecture, and answer a security questionnaire. If you are evaluating CrossRow for a regulated environment, get in touch and we will engage directly.

Privacy Policy →