Trust, security, and privacy are central to Statsig’s operations. Your data remains confidential, secure, and owned by you across the Statsig platform.

Governance

The AI features on the Statsig platform use your data to provide additional insights, analysis, and solutions for your review. Examples of our AI features include Knowledge Graph, hypothesis advisor, and suggested metrics. By design, your data is kept separate in our production environment from other customer data. Statsig does not mix or process data from different customers together. This means we do not expose your data to other customers. Your data is not used to build or develop any AI models unless you provide explicit written consent. You own the data you provide and control which of your internal sources are connected to the Statsig platform. You also control who has access to the Statsig platform within your organization. Information on single sign-on on the Statsig platform can be found here.

Security

Whether you are sending aggregated metrics, custom attributes, or hashed identifiers, or connecting parts of your code base, Statsig understands the importance of security. Because security starts at design, Statsig’s software development lifecycle ensures we design and build security into our offerings at inception. We embrace zero trust and defense-in-depth approaches to guide our overall security program. We have also implemented layered security controls across our endpoints, infrastructure, networks, and applications. Statsig uses strong, industry-standard security practices and cryptography to protect your data. This includes using AES-256 encryption at rest and TLS 1.2 or higher in transit. We use automated alerts and manual investigation processes to address any suspicious activity. Our systems also undergo regular risk assessments and audits, including by independent third parties, to ensure adherence to high security standards. In addition, Statsig maintains a SOC 2 Type II certification. For more information on Statsig’s security practices, you can visit Security at Statsig.

Privacy

Statsig’s data protection practices are designed to support your compliance with GDPR, CCPA, and other applicable privacy laws across our platform. For cross-border data transfers, Statsig complies with the EU-US Data Privacy Framework, the UK Extension to the EU-US Data Privacy Framework, and the Swiss-US Data Privacy Framework. Statsig also provides a Data Processing Addendum to support its customers’ data handling requirements. These privacy protections also extend to all AI features. AI features on the Statsig platform utilize third-party large language models (LLMs). Data processed through these LLMs is not retained, accessed, or used by the underlying third-party model providers. By design, your data is also never shared with other customers. Further, Statsig’s subprocessors are only permitted to use the data as directed by Statsig and in accordance with our contractual commitments. A list of Statsig’s subprocessors is available here.