Skip to content

Secure and Govern Access

After establishing conversational access to data, embedding these capabilities into your applications, and ensuring continuous accuracy improvements, the next critical step is maintaining security and governance. Numbers Station is designed to operate within your established infrastructure and policies, ensuring data integrity, compliance, and controlled access at every layer.

Secure and Govern Access

Flexible Deployment Options Aligned With Your Security Posture

Numbers Station supports multiple deployment modes to match your organization's governance and compliance requirements.

  • Our Cloud (SaaS): Deploy on the Numbers Station platform while ensuring your data remains in your data warehouse. The system does not move raw data outside your environment, relying instead on secure, authorized queries. Our SaaS offering maintains SOC 2 Type 2 compliance and offers a managed environment with continuous monitoring.
  • Your Cloud (Private VPC): Host Numbers Station directly in your own Virtual Private Cloud (e.g., AWS, GCP, Azure). Data processing and query generation also occur entirely under your governance, aligned with your firewall rules, network policies, and regulatory frameworks. This approach provides maximum control over data paths and storage, ensuring that sensitive information never leaves your infrastructure.

Your Choice of AI Models and Control Over LLM Providers

Numbers Station's architecture allows you to select and manage your preferred Large Language Model (LLM) providers.

  • Provider Flexibility: Integrate with OpenAI models on Azure, Claude (Anthropic) models AWS, Gemini models on GCP, or Meta (LLaMA) models on Databricks or even run self-hosted LLMs within your environment. This ensures compliance with internal policies around data residency, performance SLAs, and model selection.
  • Consistency and Control: Running LLMs on your own hardware or VPC infrastructure gives you predictable latencies, consistent performance, and full control over updates, security patches, and scaling strategies.

Authentication and Role-Based Access

Numbers Station aligns with your existing identity and access management systems:

  • SAML-based SSO Integration: When users authenticate using SAML SSO (e.g., via Okta, Azure AD, or similar providers), their identity attributes (department, region, role) are passed into Numbers Station at login time.
  • Attribute-Based Access Control: These attributes determine which data and operations users can perform. Instead of managing separate credentials, Numbers Station leverages your established authentication workflows, streamlining identity management and auditability.

Granular Data Permissions With Access Grants and Filters

To ensure that each user sees only the data they are authorized to access, Numbers Station enforces column-level and row-level security at query time.

  • Access Grants (Column-Level Security): Define which columns are visible to particular roles or user groups. For example, a finance analyst may see revenue figures, while customer support agents can access only anonymized customer notes. When queries are executed, restricted columns are automatically omitted from the result set.
  • Access Filters (Row-Level Security): Apply dynamic filters, so users only see rows relevant to their attributes. For example, a sales manager in Europe will see only EMEA region sales records. Filters are evaluated at runtime, ensuring that changing user attributes or policies are immediately reflected in query results.

Continuous Alignment With Governance Policies

Numbers Station's approach to governance is adaptive.

  • Dynamic Policy Enforcement: As user attributes change—through role updates, departmental shifts, or job rotations—access policies automatically adjust. This eliminates manual reconfiguration or time-consuming data model changes.
  • Auditing and Compliance: Query logs and access histories are available for audit, helping demonstrate compliance with data privacy regulations (e.g., GDPR, CCPA) or internal governance mandates.
  • No Persistent Data Storage: Numbers Station does not copy or store data from data warehouse(s). It queries data warehouses on-demand, minimizing data movement and storage overhead while adhering to your existing data retention policies.

Summary

By combining flexible deployment options, controlled LLM choices, SAML-based authentication, and granular access governance, Numbers Station aligns with your enterprise's security requirements. This ensures that every user interaction—whether asking a simple metric question or executing a complex join across multiple data sources—respects established policies, maintains data confidentiality, and supports continuous compliance. As a result, you achieve secure, compliant, and governed conversational analytics that seamlessly integrates with your existing infrastructure and procedures.