Trust Center
At Fivetran we know that data movement is your foundation for innovation, and are committed to providing robust security and privacy programs that protect your data as we would our own.
Our Trust Center is at the core of our many transparency efforts, and we hope you will find accessing our comprehensive security, privacy, and compliance documentation as easy as setting up your first Fivetran pipeline.
All Reports, Documents, & Attestations
Featured Documents
- Please describe the company/user data you require to provide your service: personal information, financial data, confidential/sensitive data, etc.
- Does Fivetran have a Disaster Recovery (DR) or Business Continuity (BC) Plan in place
- Is attack and penetration testing performed periodically?
- Does Fivetran encrypt data in transit and at rest?
- Does Fivetran have a Disaster Recovery Plan (DR) or a Business Continuity Plan (BCP)? How ofter are these plans tested?
CVE-2025-55182
We are aware of the recently disclosed critical security vulnerability in React, CVE-2025-55182, which affects certain React Server Component configurations.
Fivetran’s security team has conducted a thorough review and can confirm that our core services and infrastructure are not impacted by this vulnerability.
We continue to actively monitor the situation, stay up-to-date on exploit details, and will continue to follow official guidance to ensure the highest level of security for our customers.
Security Response -Salesloft Drift
We became aware of the recent security incident involving the Salesloft Drift application, which has affected a number of organizations. Upon being notified, our team took steps to investigate and secure our environment.
New information from GTIG revealed that the scope of this compromise extended beyond the Salesforce integration and may have impacted other integrations. We have since conducted a thorough review of all our integrations and found no evidence of misuse.
Out of an abundance of caution, we revoked and rotated all authentication tokens and API access keys that were stored in or connected to the Drift platform.
We want to assure you that your data is safe and that we are taking this matter very seriously. We will continue to monitor the situation and provide updates as more information becomes available.
CVE-2021-35587
We are aware of recent reports regarding a potential security incident affecting Oracle Cloud, and our security team is actively monitoring the situation and analyzing any potential impact on Fivetran and our customers as new details emerge.
We want to assure you that Fivetran does not utilize Oracle Cloud Infrastructure (OCI) in the delivery of our services; therefore, Fivetran services are not directly impacted by the reported event.
If you utilize Fivetran to connect to or from Oracle Cloud, we echo Oracle's recommendation to review your Oracle Cloud credentials and consider rotating them as a precautionary measure.
We are committed to the security of your data and will provide further updates as they become available.
CVE-2024-38526
As of today, to the best of our knowledge, Fivetran has patched the vulnerability noted in accordance with our vulnerability management policy and no impact to Fivetran has been detected. Additionally, no production subprocessor has issued any security bulletins to Fivetran in response to this vulnerability.
