Skip to main content

Security and Privacy

Learn how Turntable protects your data and privacy. If you notice a security or privacy issue or have additional questions, please contact or click the chat with us button below.


How is my data encrypted?

Data at rest is encrypted with the AES-256 algorithm (managed by our cloud provider). Data is transferred via HTTPS (encrypted with SSL). Backup data is stored in an encrypted S3 bucket (managed by our cloud provider).

Who is your cloud service provider and what region are your instances located in?

Turntable’s products is hosted on AWS. Our instances are located in the "us" (United States) region.

Do you have a bug bounty program?

We do not have an official bug bounty program at this time. If you have found a bug pertaining to security exploits or vulnerabilities, or if you have any more questions about this, please contact us at

Who are your data sub-processors?

We work with companies and tools to store, analyze, and transmit data on behalf of our users. These companies have been vetted for best-in-class security practices.

BetterStackError Tracking
CheckrInternal Processes
ClerkyInternal Processes
GitHubIssue Tracking
Google Cloud PlatformCloud Hosting
HubspotInternal Processes
LinearIssue Tracking
NotionInternal Processes
PosthogAnalytics, Session recordings
RipplingInternal Processes
SentryError Tracking
SlackCustomer Communication, Internal Processes
SupabaseCloud Hosting
VantaInternal Processes
ZoomInternal Processes
Does Turntable regularly do external security audits?

Not yet. We follow security best practices and we've planned to have them audited externally as part of the SOC 2 certification.

What are your practices for handling and reacting to security incidents?

We have systems and processes in place to review security issues as soon as possible. To share a security concern, reach out to


What data do you collect?

Our general approach is to collect as little data as possible to provide you with our service. For the VSCode extension, we do not collect or store your data warehouse credentials or your data. We are able to do this while still providing our services by instructing your computer to run dbt commands locally.

Here is exactly what we collect, who we send it to, and why:

What we processWho we send it toWhy we collect itWhat we do to protect your data
- Model metadata (e.g. column names)
- Model code (e.g. dbt sql files)
OpenAIGenerate model descriptions- In process of opting out of telemetry
- Model metadata (e.g. column names)
- Model code (e.g. dbt sql files)
AnthropicGenerate column descriptions- In process of opting out of telemetry
- Usage dataTurntable (Internal)To provide feedback that helps us improve the product- Extensive internal security measures
- Actively working towards SOC II compliance
Can Turntable delete my data?

None of your data is edited or deleted without your interaction. If you would like to delete your records, drop us a line in your company Slack Connect channel, at

What is your privacy policy and terms of service?
Can I opt out of telemetry?

We respect the general VS Code telemetry setting, but if you want to specifically opt out of Turntable’s telemetry:

  • Visit the Turntable extension in the Extension pane
  • Click on the ⚙ icon and then Extension settings
  • Uncheck the Turntable > Telemetry > Enabled check box to opt out of telemetry.


Do you provide enterprise capabilities like SSO/SAML and admin roles?

Not yet. We’d like to offer this in the future.

Is Turntable SOC 2 certified?

Not yet, but we are actively working towards SOC 2 certification. Please contact us at if your organization requires System and Organization Controls (SOC) reports from Turntable.

Do you have a GDPR Data Processing Agreement (DPA)?

Not yet. We are actively investigating if we need this. Please contact us at if this is a concern for your organization.

Something we didn't cover? Please reach out on your company Slack Connect channel, message us at, or click Chat with us at the bottom right of this page.