Security Overview

This guide is designed to help security teams evaluate Compass for compliance and procurement reviews. It covers our architecture, data handling, and security controls.

What is Dagster Compass?

Dagster Compass is an AI-powered data analysis assistant that enables teams to interact with their data through natural language queries in Slack. Built by Dagster Labs (opens in a new tab), Compass leverages large language models to provide intelligent data analysis and visualization while maintaining enterprise-grade security.

Key Security Points

Your Data Stays With You

We DON'T store: Your actual database data or raw query results
We DO store: Slack conversations (including final query results shown in chat), configuration settings, usage analytics, and context documentation you provide

Your warehouse data never leaves your infrastructure. Compass only receives the results of queries it runs—no raw tables, no bulk exports.

How It Works

You ask questions in Slack
Compass generates SQL queries
Queries run in YOUR data warehouse
Results are processed and answered in Slack
Only the conversation is saved, not your raw data

See How It Works for more details on how Compass understands your data.

Security Features

Encryption

In Transit: All data encrypted using TLS 1.2+
At Rest: All stored data encrypted with AES-256
Credentials: Warehouse credentials encrypted using AWS KMS envelope encryption with per-organization encryption keys
Isolation: Each organization has its own Data Encryption Key (DEK), ensuring credentials cannot be decrypted across organizations

Access Controls

Identity and Roles:

User identities are managed through Slack authentication
Organization Admins and Members have different access levels
See User Roles for complete permission matrix

Data Access:

Read-Only Operations: Compass only performs SELECT queries on your data warehouse. For security best practices, grant only SELECT permissions to the Compass service account.
Channel-Based Access: Bot only accesses channels you invite it to, and each channel can have separate warehouse connections
Service Accounts: Use dedicated service accounts with minimal required permissions

Thread Viewing: Users can access a print-friendly version of conversations, including SQL queries, by clicking the "🌐 See all steps" button. These links are:

JWT-authenticated and validated server-side
NOT publicly accessible
Organization- and thread-scoped
Short-lived (re-click the link in Slack to regenerate)

AI Privacy

Your data is not used to train AI models
AI providers don't retain your queries
Enterprise agreements ensure data privacy

Infrastructure

Where Things Live

Conversations: Slack (isolated workspace per organization)
Application & Storage: AWS (compute, file storage, credential encryption)
Context Docs: GitHub repositories (version controlled, organization-scoped)

A complete list of subprocessors is available upon request.

Data Managed by Compass

When you opt in to CSV uploads or SaaS platform integrations (Salesforce, Google Ads, Gong), Compass manages this data on your behalf with complete organization-level isolation:

Organization isolation: Each organization has dedicated storage with strict access controls preventing cross-organization access
Scoped access: All data access is restricted to your organization through policy enforcement and session-based controls
Separate query environments: Query processing is isolated at the organization level

This is completely opt-in. When connecting your own data warehouse, Compass doesn't store or manage your data—it only queries your warehouse with read-only access.

Isolation

Each customer organization has completely separate:

Slack workspace - Dedicated Slack Enterprise Grid workspace
Database connections - Per-organization warehouse credentials with separate encryption keys
Bot instances - Channel-level isolation with independent configuration
Context repositories - Version-controlled GitHub repositories for context documents
Data encryption keys - Per-organization AWS KMS data encryption keys
Storage prefixes - Organization-scoped S3 prefixes for CSV uploads and integrations

Isolation enforcement:

Database-level foreign key constraints ensure data cannot cross organization boundaries
All queries are scoped by organization ID
Encryption contexts prevent cross-organization credential decryption

Monitoring & Compliance

What We Track

System performance and health
Usage patterns and analytics events
Conversation history (messages, tool calls, responses)
Token usage per query and organization
All configuration changes

Security Monitoring

Automated threat detection & DDoS protection
Unusual query pattern alerts
Rate limiting to prevent abuse
Regular security audits

Compliance

Additional compliance options including BAAs and custom data retention policies are available on our Pro plan. If your organization has specific compliance requirements, talk to an expert (opens in a new tab) to discuss your needs.

Data Retention

Data Deletion

Delete conversations anytime from Slack
Organization deletion removes all stored data

Custom Configuration

Need specific retention periods or data handling requirements? Talk to an expert (opens in a new tab) to discuss custom configurations.

Need Help?

Security Questions: security@dagsterlabs.com
Report Vulnerabilities: vulnerability@dagsterlabs.com
General Support: compass-support@dagsterlabs.com
Documentation: Help Docs (opens in a new tab)
System Status: System Status Page (opens in a new tab)

Slack Permissions Best Practices