Security, Governance and Compliance

True cloud-native spatial analytics, built for the Enterprise

Deployment options, connections, and data access policies designed for ultimate security and control.

A global map with icons representing data security, user profiles, access control, and authentication.

Trusted by the world’s leading brands

Data always remains where it belongs - in your data warehouse

CARTO offers a truly cloud-native solution; you do not need to worry about syncing your data elsewhere. Extend the geospatial capabilities of your data warehouse, without compromising on data security and governance.

- Leverage and enforce your existing identity setup via SSO.

- Secure data warehouse connections using OAuth or Workload Identity, following the least-privilege principle.

- Leverage existing role-based access control (RBAC) and other governance policies from your data warehouse.

- Support for users and groups, with advanced group-role mapping controls.

- All queries are auditable, and audit logs are accessible at all times.

Deploy CARTO in your own cloud

With our Self-hosted deployment, you can host and operate CARTO your way, with ultimate control.


Options for both Single VM and Orchestrated containers.

Streamlined installation, with fully self-service or assisted options.

Support for deploying inside your VPC or behind your VPN, and with proxy configurations.

Standardized releases. Regular updates to ensure stability across all environments.

Rigorous privacy and compliance

CARTO is regularly audited by independent third-party companies and government bodies to prove that we comply with various global and regional standards:

- SOC 2 Type II certified

- EU-U.S. Data Privacy Framework (DPF) participant

- GDPR ready


Available from the leading cloud marketplaces

Start getting the most out of your spatial data by trialing, purchasing and accessing CARTO directly from your cloud vendor’s marketplace.

Frequently asked questions

Will CARTO make any copies of our connected data?

No, CARTO does not make any copies of the data available through your Connections.

CARTO is cloud-native by design, and we never need to replicate your data. Maps, Workflows, and Applications built with CARTO launch queries against live data in your own data warehouse (BigQuery, Snowflake, Redshift, Databricks, PostgreSQL, etc.), and the results of these queries are not stored for further use. This applies to all kinds of deployments.

Will CARTO leverage existing permissions setups (ACLs, RBAC, RLS…) in our data warehouse?

Yes. Because connections in CARTO always send live queries back to your data warehouse, we always respect the permissions and controls in your organization, including advanced scenarios such as row-level security or role-based access control.

Moreover, connections in CARTO can be set up using OAuth-based mechanisms, with additional strict configurations such as viewer credentials, where every user needs to provide their own identity and credentials in order to access the data.

Can connections in CARTO be restricted to specific resources or permissions in our data warehouse?

Yes! On top of the OAuth-based mechanisms, CARTO also supports mechanisms such as Service Accounts or Workload Identity where you can granularly generate connections with limited permissions on specific resources in your data warehouse, following least-privilege best practices.

Is CARTO compatible with VPC/VPN/Private Link environments?

Yes. CARTO can be deployed in your own network with our Self-Hosted deployment. This deployment can be restricted using a proxy or VPC controls. Connections to the data warehouse can be set up using Private Link.

How do I manage who has access to CARTO?

CARTO supports seamless integration with your SSO (using SAML, OIDC or other protocols), including smooth user provisioning, and can also synchronize groups coming from your Identity Provider. Additionally, groups can be mapped to roles in CARTO. Roles in CARTO range from viewers, who can only consume pre-created assets, to admins, who can configure and monitor the CARTO organization.

Where can I find more information? Can I access the SOC 2 Type II report from CARTO?

CARTO’s latest SOC 2 Type II report is available upon request for customers and prospects. Please note that prospects must have signed an NDA (Non-disclosure agreement) with CARTO before receiving the SOC 2 Type II report.

Visit our Trust and Security center to request the latest report as well as other resources. In our Trust and Security center you will also find additional information about our infrastructure security, internal procedures, and data privacy management.

Fast track your project with our expert Support and Professional Services

Professional Services
Whatever the nature of your use case, our Professional Services team can help you fast-track strategic geospatial projects.
Support
We offer a full range of support options, helping you make the most of CARTO’s spatial data and analysis.
