Security at FactoryThread
FactoryThread is a data virtualization platform — not a system of record for customer business data. Records flow through our workers in memory and land in your target system. The application database holds only operational metadata.
FactoryThread is not designed to be a system of record for customer business data. The application database holds only the operational metadata required to run, secure, and troubleshoot the service — plus two narrow, documented exceptions on the failure path.
- Caveat 1 — Error samples
On flow execution errors, a small sample of the failing record(s) is persisted into the insights message column for debugging. Successful executions store only metadata (status, duration, counts).
- Caveat 2 — Worker staging
The worker may use ephemeral in-memory or temporary staging for certain operations during execution. This staging is not persisted across runs.
How FactoryThread is built to be secure
Six controls that hold up under independent review. Each links to the relevant section of the Security Overview.
Data virtualization
Not a system of record. Data is fetched on demand, transformed in memory, and delivered to the target — not stored as a customer dataset.
Auth0 OIDC + JWKS
JWTs are verified against issuer and audience using JWKS. Access tokens are delivered as HTTP-only cookies.
Tenant isolation
tenantId is bound to the Auth0 org_id. Every domain table carries tenant_id NOT NULL; repositories enforce the filter.
Worker process isolation
Customer flows execute in a separate worker process consuming RabbitMQ. The API server never runs flow code in-process.
TLS in transit
HTTPS-only on *.factorythread.com with TLS 1.2+. Strict per-connection TLS verification ships in Q2 2026.
On-prem deployment
First-class air-gapped install with reverse-proxy SSO and API keys. Customer data stays in customer infrastructure.
What lives in our database — and what doesn't
We persist
- Connection credentials and metadata
- Flow, view, and API definitions
- Workspace, user, API-key, and billing metadata
- Execution insights — status, duration, node counts, error messages
- Small input samples on execution errors (for debugging)
We do not persist
- Customer business records flowing through pipelines
- Successful execution outputs
- Preview results — held in memory only
- Ephemeral worker staging — discarded across runs
Aligned controls. Target audits in 12-24 months.
We do not currently hold formal certifications. The frameworks below describe our control alignment today and our planned audit timeline.
See the Compliance Readiness Statement for current alignment, gaps, and target audit timelines per framework.
What we're shipping next
We disclose what's in flight rather than wait to be asked. These four items are on our near-term roadmap.
| Item | Detail | Target |
|---|---|---|
| Connection metadata encryption at rest | AES-256-GCM with envelope keys for credentials in connection_data.metadata. | Q2 2026 |
| Strict TLS verification by default | Per-connection self-signed cert opt-in; reject by default for outbound connectors. | Q2 2026 |
| Tenant-scoped activity audit log | Comprehensive who-did-what-when across user actions, beyond publish and API key events today. | Q3 2026 |
| Flow change history with diff viewer | Retain prior versions of flow definitions; surface diffs alongside the editor. | Q3 2026 |
The full security packet
The Security Overview, Shared Responsibility Matrix, and Compliance Readiness Statement are public. The remaining two documents contain detailed architecture and access-control information and are available under NDA.
Security Overview
Product summary, tenancy, authentication, encryption, logging, corporate controls, roadmap.
PublicShared Responsibility Matrix
Division of security responsibilities across SaaS, single-tenant managed, and on-prem deployments.
PublicCompliance Readiness
SOC 2, ISO 27001, 21 CFR Part 11, GxP — current alignment and target audit timelines.
Available under NDAData Flow & Architecture Guide
Component diagram, data flow, network egress, residency, disaster recovery.
Available under NDAAccess, Audit & Change Control
Access control, identity provisioning, audit trail, change control.