Honeydew is committed to security and focused on keeping you and your data safe.

For any questions or comments, please contact support@honeydew.ai.

Security

SaaS Application

Honeydew is as a cloud-based service.

All connections to the Honeydew application are encrypted by default using industry-standard cryptographic protocols (TLS 1.2+).

Any attempt to connect over an unencrypted channel (HTTP) is automatically redirected to an encrypted channel (HTTPS).

To take advantage of HTTPS, your browser must support encryption protection (all versions of Google Chrome, Firefox, and Safari).

Application access

Users can use Single Sign-On through Google. Enterprise SSO (e.g. Okta) is available upon request.

Honeydew organization administrators can manage user access and permissions through the Honeydew application.

Data

Honeydew controls data access through the Snowflake security model.

All data processing occurs solely within a customer-owned Snowflake account.

Honeydew Cloud can be configured without any data access.

In this setup, certain UI features (like on-demand data preview) will be disabled, but core functionality will remain unaffected.

Metadata

All customer metadata managed by Honeydew is stored in a private Git repository owned by the customer.

Snowflake

The Honeydew Snowflake Native App enables secure access to Honeydew directly from the Snowflake IDE or a Snowflake Connection.

The Snowflake security model (user access and roles) is supported to:

  • Control access to the Honeydew application.
  • Manage user access for those utilizing a Honeydew-based live SQL connection.

Credentials

Honeydew enables connections to Snowflake using either organization-level service accounts or individual per-user Snowflake accounts. Authentication options include support for both username/password credentials and key-pair authentication.

Permissions

Honeydew only requires USAGE and SELECT permissions on the Snowflake database.

You can also optionally provide Honeydew with permissions to create and manage dynamic datasets as views and tables, as well as to manage preaggregate tables.

Additional access control can be achieved using Snowflake Row-level Security (RLS) policies.

Live SQL connection

If a Live SQL connection is enabled, Honeydew will process queries that go through this live connection.

However, Honeydew does not process or store any in-flight data exchanged within the live connection between a BI tool and Snowflake.

Retention of customer credentials

Honeydew securely retains customer credentials for Snowflake and BI tools, including OAuth tokens, to facilitate secure and continuous extraction/synchronization of metadata.

These credentials are securely stored in secret management system, encrypted at rest and in transit.

Compliance

Honeydew is SOC2 Type II compliant and can provide documentation upon request.

Company policies

Honeydew requires that all employees comply with security policies designed to keep any and all customer information safe, and address multiple security compliance standards, rules and regulations.

Two-factor authentication and strong password controls are required for administrative access to systems.

Security policies and procedures are documented and reviewed on a regular basis.

Current and future development follows industry-standard secure coding guidelines, such as those recommended by OWASP.