Your data stays yours
Tables live in your object store, in open formats, in your cloud account. Quernos reads; it does not copy your lake.
Quernos sits between your tools and your engines, which means our security model has to be inspectable, not asserted. This page describes how we actually handle credentials, data, results, and evidence. If your security team wants more depth, we'll walk them through the architecture directly.
Access is short-lived and scoped per operation — assumed roles and freshly issued tokens, never long-lived secrets sitting in our data path.
Every routing decision, credential issuance, and verification result is logged with its rationale — exportable to you.
A router that silently returns wrong answers is a security problem, whatever the compliance paperwork says. Routed queries are checksum-compared against the source engine on a sampled basis; a disagreement quarantines the route, falls the query back to your original engine, and preserves the evidence for you.
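A minimal sketch of the sampled verification loop described above, as an added example and not Quernos code. The class and function names, the SHA-256 row hashing, the `repr`-based row encoding and the sample engines are all assumptions made for illustration.

```python
import hashlib
import random

def result_checksum(rows):
    """Order-independent digest: hash each row, sort the digests, hash them together.
    Sorting keeps duplicates, so a dropped or repeated row changes the checksum."""
    # Assumption: repr() is a good enough canonical encoding for this sketch;
    # real engines need agreed type and NULL normalization before hashing.
    digests = sorted(hashlib.sha256(repr(tuple(r)).encode()).digest() for r in rows)
    return hashlib.sha256(b"".join(digests)).hexdigest()

class VerifiedRouter:
    """Hypothetical wrapper; an engine is a callable taking SQL and returning rows."""
    def __init__(self, source_engine, sample_rate, rng=None):
        self.source_engine = source_engine
        self.sample_rate = sample_rate
        self.rng = rng or random.Random()
        self.quarantined = set()   # routes that failed verification
        self.evidence = []         # preserved for export, never overwritten

    def run(self, route, routed_engine, sql):
        if route in self.quarantined:
            return self.source_engine(sql)      # quarantined: source engine only
        routed = routed_engine(sql)
        if self.rng.random() >= self.sample_rate:
            return routed                       # not sampled: returned unverified
        expected = self.source_engine(sql)
        got, want = result_checksum(routed), result_checksum(expected)
        if got == want:
            return routed
        self.quarantined.add(route)
        self.evidence.append({"route": route, "sql": sql,
                              "routed_checksum": got, "source_checksum": want})
        return expected                         # fall back to the source answer

# Constructed sample data and engines (not real query engines).
SOURCE_ROWS = [(1, "alice", 30), (2, "bob", 25), (2, "bob", 25)]

def source_engine(sql):
    return list(SOURCE_ROWS)

def reordering_engine(sql):
    return list(reversed(SOURCE_ROWS))   # same rows, different order: must pass

def lossy_engine(sql):
    return SOURCE_ROWS[:2]               # silently drops a duplicate row: must fail
```

Unsampled queries are returned without comparison, so the sample rate bounds how long a wrong route can go unnoticed.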
Every routing decision records what was chosen, what was rejected, and the cost model's reasoning at that moment. Credential issuance and administrative access are logged the same way. The log is append-only, retained immutably, and exportable — built for the question "why did this query run there?", whether it comes from your engineer or your auditor.
Our SOC 2 program is underway; report status and timelines are available to customers and prospects under NDA. The tenant-isolation, audit, and erasure controls described above are built into the platform's foundations rather than assembled for the audit.
Write to security@quernos.com. We acknowledge reports within two business days, and we don't take legal action against good-faith research.