Security, Governance and Compliance

True cloud-native spatial analytics, built for the Enterprise

Deployment options, connections, and data access policies designed for ultimate security and control.

Trusted by the world’s leading brands

Data always remains where it belongs - in your data warehouse

CARTO offers a truly cloud-native solution; you do not need to worry about syncing your data elsewhere. Extend the geospatial capabilities of your data warehouse, without compromising on data security and governance.

- Leverage and enforce your existing identity setup via SSO.
- Secure data warehouse connections using OAuth or Workload Identity, following the principle of least privilege.
- Leverage existing role-based access control (RBAC) and other governance policies from your data warehouse.
- Support for users and groups, with advanced group-role mapping controls.
- All queries are auditable, and audit logs are accessible at all times.

Deploy CARTO in your own cloud

With our Self-hosted deployment, you can host and operate CARTO your way, with ultimate control.


- Options for both Single VM and Orchestrated containers.

- Streamlined installation, with fully self-service or assisted options.

- Support for deploying inside your VPC or behind your VPN, and with proxy configurations.

- Standardized releases.

Rigorous privacy and compliance

CARTO is regularly audited by independent third-party companies and government bodies to prove that we comply with various global and regional standards:

- SOC 2 Type II certified

- EU-U.S. Data Privacy Framework (DPF) participant

- GDPR ready


Run natively on your cloud data warehouse

Access your data instantly with a simple, intuitive interface, and start building your interactive maps running natively on top of the leading cloud data platforms.


Frequently asked questions

Will CARTO make any copies of our connected data?

No, CARTO does not make any copies of the data available through your Connections.

CARTO is cloud-native by design, and we never need to replicate your data. Maps, Workflows, and Applications built with CARTO launch queries against live data in your own data warehouse (BigQuery, Snowflake, Redshift, Databricks, PostgreSQL, etc.), and the results of these queries are not stored for further use. This applies to all kinds of deployments.

Will CARTO leverage existing permissions setups (ACLs, RBAC, RLS…) in our data warehouse?

Yes. Because connections in CARTO always send live queries back to your data warehouse, we always respect the permissions and controls in your organization, including advanced scenarios such as row-level security or role-based access control.

Moreover, connections in CARTO can be set up using OAuth-based mechanisms, with additional strict configurations such as viewer credentials, where every user needs to provide their own identity and credentials in order to access the data.

Can connections in CARTO be restricted to specific resources or permissions in our data warehouse?

Yes! On top of the OAuth-based mechanisms, CARTO also supports mechanisms such as Service Accounts or Workload Identity where you can granularly generate connections with limited permissions on specific resources in your data warehouse, following least-privilege best practices.

Is CARTO compatible with VPC/VPN/Private Link environments?

Yes. CARTO can be deployed in your own network with our Self-Hosted deployment. This deployment can be restricted using a proxy or VPC controls. Connections to the data warehouse can be set up using Private Link.

How do I manage who has access to CARTO?

CARTO supports seamless integration with your SSO (using SAML, OIDC or other protocols), including smooth user provisioning, and can also synchronize groups coming from your Identity Provider. Additionally, groups can be mapped to roles in CARTO. Roles in CARTO range from viewers, who can only consume pre-created assets, to admins, who can configure and monitor the CARTO organization.

Where can I find more information? Can I access the SOC 2 Type II report from CARTO?

CARTO’s latest SOC 2 Type II report is available upon request for customers and prospects. Please note that prospects must have signed an NDA (Non-disclosure agreement) with CARTO before receiving the SOC 2 Type II report.

Visit our Trust and Security center at https://security.carto.com/ to request the latest report as well as other resources. In our Trust and Security center you will also find additional information about our infrastructure security, internal procedures, and data privacy management.

Fast track your project with our expert Support and Professional Services

Professional Services
Our Professional Services & Support teams can help you accelerate projects, drawing on their expertise in app development, design, spatial data science and GIS.
Support
We offer a full range of support options, helping you make the most of CARTO’s spatial data and analysis.
