Security is not a feature. It is how Canyon works.
Every deployment enforces access control, audit logging, and data governance by default. There is no "turn security on" step.
✓ SSO/IdP integration (Okta, Entra ID). No separate user management.
✓ Role-based and attribute-based access control. Enforced at the data layer.
✓ Row- and column-level permissions. Every query, every app.
✓ Immutable audit trails. Every access, every deployment, every action.
✓ Your infrastructure. We never host your apps or data.
✓ No data movement. Canyon queries your sources in place.
Identity & Authentication
Your IdP. Your users. No separate identity layer.
● SSO via SAML 2.0 and OIDC. Okta, Entra ID, or compatible providers.
● User attributes inherited. Roles, groups, departments, regions flow from your IdP.
● No Canyon user accounts. Deprovisioning in your IdP revokes Canyon access immediately.
● MFA enforced by your IdP. Canyon respects your authentication policies.
Authorization
Governance at the data layer, not the application layer.
Traditional
Each app implements its own access controls. Some get it right. Many do not. Nobody can audit the whole picture.
Canyon
Access controls enforced once, at the semantic layer, before any app can access data. Every app inherits the same rules.
RBAC
Roles map to your IdP groups. Permissions define which metrics, entities, and data scopes each role can access.
ABAC
Fine-grained rules based on user attributes: region, department, seniority. Example: marketing staff see campaign metrics but not individual customer PII.
Row- and column-level
Applied at the query layer. Not filterable by the app, not bypassable by the AI tool. A regional manager queries revenue and only sees their region.
Auditability
Every action. Every access. Logged.
What is logged
● Data access: app, user, metric, source, timestamp
● Deployments: who triggered, what changed, rules applied
● Governance events: access denied, violations, deprecated metrics
● Code generation: context injected, guardrails enforced
Where logs go
● Datadog, Grafana, Splunk, or your SIEM
● Canyon built-in audit interface
● Retention follows your organizational policies
Audit logs are immutable. Nothing is left untracked.
Data Handling
We do not store your data. We do not move your data.
What Canyon stores
• Semantic layer definitions (metric formulas, schemas, policies)
• Deployment metadata (what, when, who)
• Audit logs (access events, governance actions)
What Canyon does NOT store
• Your enterprise data (queries run against your sources)
• User credentials or passwords (your IdP handles this)
• Application state or user content (lives in your infra)
European data sovereignty by default
Canyon deploys in your region (EU, US, APAC). No cross-border data transfer unless you configure it. Entirely self-hostable.
Secure Integrations
Connections that do not create risk.
Data source connectors
● Read-only by default. Write access requires explicit configuration.
● Connections authenticated via service accounts or federated identity.
● Each connector scoped to specific schemas and tables.
● No stored passwords.
API security
● All Canyon APIs require authentication.
● Rate limiting and quota enforcement per app, per user.
● API versioning with deprecation notices.
Code scanning in every pipeline
Semgrep, GitLeaks, Trivy, Tenable, Syft (SBOM)
Compliance
Audit trail supports SOC 2, ISO 27001, and GDPR.
SOC 2
Audit logs support Type II review requirements. Immutable, exportable.
ISO 27001
Access control and incident management documentation. Full traceability.
GDPR
Data residency, access logging, right-to-erasure support. EU-first deployment.