Most data tools ask you to hand over a copy of production, and then spend their security page reassuring you about how carefully they guard it. CrossRow is built the other way around. You describe the shape of the data you want; we generate it. Your real customers, transactions, and records never need to enter our systems. That is the foundation everything below sits on.
What we do, and do not, hold
- We do not require production data. The Service works from schemas, DDL, and descriptions. You should never upload real personal or production records, and by design you do not have to.
- Account data is minimal. We store your email and, optionally, your name. Passwords are managed through Amazon Cognito, not stored by us in readable form.
- Your schemas and generated output are isolated to your account and team, and stored in AWS. You can delete them at any time.
Infrastructure
CrossRow runs entirely on Amazon Web Services in the United States. We use managed AWS services for storage (S3), authentication (Cognito), compute, and content delivery, and we inherit the physical and network security of that platform. Traffic to and from the Service is encrypted in transit with TLS, and data at rest is stored on AWS-encrypted storage.
How language models are used
CrossRow uses language models from OpenAI and Anthropic to plan generation and score quality. Only what is needed for those tasks is sent: your schema descriptions and small samples of generated data, which describe the shape of data you want rather than your real records. These providers process API inputs to return a result and, under their standard API terms, do not use that content to train their models. We also do not use your schemas or generated data to train any model of our own.
Access and isolation
Access to the Service requires authentication, and your data is scoped to your account and team. Internally, access to production systems is limited to what is necessary to operate and support the Service.
Data deletion and control
You can delete your generated datasets and your account from within the application. When you do, the associated content is removed from active systems, subject to routine backups that expire on a rolling basis. See our Privacy Policy for the full detail on what we collect and your rights over it.
Reporting a vulnerability
If you believe you have found a security issue, we want to hear about it. Please reach us through our contact form with the details, and we will respond promptly. We ask that you give us a reasonable opportunity to address an issue before disclosing it publicly.
Compliance and enterprise review. CrossRow is a young product, and we are candid about that: we are not going to claim certifications we do not hold. What we will do is work with your security and compliance teams on your specific requirements, walk through our architecture, and answer a security questionnaire. If you are evaluating CrossRow for a regulated environment, get in touch and we will engage directly.