Tenant isolation
When you sign up for Saiku Cloud, your account is provisioned as a tenant — the unit of isolation in our platform. Every other tenant on Saiku Cloud is invisible to you, and you to them. This page explains what that means concretely.
What’s isolated
Everything tied to your account is scoped to your account:
- Warehouse connections — addresses, usernames, encrypted passwords.
- Schemas — every cube you’ve authored or saved.
- Workbooks and saved queries — both in the Saiku UI and via the API.
- File uploads — Parquet, CSV, JSON files you’ve uploaded.
- Audit events — the history of what your team has done.
- Members and roles — the people in your account.
- Subscription and billing — tied to your account, not visible elsewhere.
A query you run against your warehouse only touches your warehouse. Another customer’s query against their warehouse can’t reach yours, and vice versa.
How API keys work
Every API call carries an API key that identifies your account. The key is checked on our servers, not in your code — there’s no “account ID” header a caller can fake. A stolen API key can only reach the data its account already has access to.
You can rotate API keys at any time from the API keys page without losing data.
How credentials are stored
When you save warehouse credentials on the Connections page we encrypt them before they hit our database, using a key kept separate from the database. The plaintext only exists for a few milliseconds at a time, when we’re actively opening a connection to your warehouse. Even with a full copy of our database, an attacker would not be able to read your credentials.
How your cubes stay separate
Our query engine treats every customer’s cubes as separate entries in its memory — even when two customers happen to have identically-named cubes pointing at identically-shaped warehouses. This isn’t just a performance trick; it’s a security guarantee with automated tests that fail the build if it’s ever violated.
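The two guarantees described above (the tenant is derived from the API key on the server, and identically-named cubes from different customers never share an entry) can be illustrated with a small model. This is an added example, not Saiku's own code: the Platform class, its method names, the SHA-256 key digest, the sk_ key prefix and the X-Account-ID header used in testing are all assumptions made for illustration.

```python
import hashlib
import secrets


class Platform:
    """Toy multi-tenant service (hypothetical): tenancy always comes from the API key."""

    def __init__(self):
        self._key_to_tenant = {}  # sha256(api_key) -> tenant_id (assumed storage scheme)
        self._cubes = {}          # (tenant_id, cube_name) -> cube definition

    @staticmethod
    def _digest(api_key):
        # Only a digest of the key is kept, so the stored table does not contain usable keys.
        return hashlib.sha256(api_key.encode()).hexdigest()

    def _resolve_tenant(self, api_key):
        tenant_id = self._key_to_tenant.get(self._digest(api_key))
        if tenant_id is None:
            raise PermissionError("unknown or revoked API key")
        return tenant_id

    def issue_key(self, tenant_id):
        api_key = "sk_" + secrets.token_urlsafe(32)
        self._key_to_tenant[self._digest(api_key)] = tenant_id
        return api_key

    def rotate_key(self, old_key):
        # Revoke the old key and issue a new one for the same tenant; stored data is untouched.
        tenant_id = self._resolve_tenant(old_key)
        del self._key_to_tenant[self._digest(old_key)]
        return self.issue_key(tenant_id)

    def save_cube(self, api_key, cube_name, definition):
        self._cubes[(self._resolve_tenant(api_key), cube_name)] = definition

    def get_cube(self, api_key, cube_name, headers=None):
        # Caller-supplied headers are accepted but never consulted for tenancy.
        tenant_id = self._resolve_tenant(api_key)
        # The tenant is part of the lookup key, so equal cube names cannot collide.
        return self._cubes.get((tenant_id, cube_name))
```

A check of this shape, run in CI against two tenants that both own a cube with the same name, is the kind of automated test that fails the build if the separation is ever broken.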
What we log
We log enough to operate the platform — API request paths, response codes, tenant IDs, request IDs. We do not log:
- Warehouse credentials (you never see them in plaintext after save).
- Query results or row contents.
- Authorization headers or session cookies.
- File upload contents.
The audit log surfaces a customer-facing subset of these events on the Audit log page (Team+ tier).
Backups and retention
Your account data is backed up nightly with point-in-time recovery for the last 30 days. Backups inherit the same encryption-at-rest and tenant scoping as live data.
If you delete your account (Account → Danger zone), there’s a 30-day grace window during which you can recover by emailing hello@saiku.bi. After 30 days, all your data is permanently purged — schemas, workbooks, audit events, the lot.
SOC 2, GDPR, and other compliance
- SOC 2 Type I — in progress; expected completion before self-serve launch. Report available under NDA on request.
- GDPR — DPA template available; counsel-reviewed. Email legal@saiku.bi to start.
- Article 17 (right to erasure) — supported via the Account page self-serve deletion flow.
- HIPAA / ISO 27001 — not in scope for year-one self-serve tiers. Available on Enterprise contracts.
Reporting a security concern
If you find a security issue, email security@saiku.bi directly. We acknowledge within 24 hours and triage by severity. We don’t operate a bug bounty programme yet but we credit responsible disclosure in the release notes.