DataStrict
Integrations

Integrations

Snowflake

Enforce column- and row-level policy on Snowflake data before it enters a prompt or reaches a user.

Overview

Snowflake is where a great deal of governed data lives - customer records, financials, and PII. When an AI feature, a RAG pipeline, or an agent reads from Snowflake, DataStrict controls what leaves the warehouse and what is allowed to reach the model.

It enforces column- and row-level policy on the data path, so sensitive fields are masked before they ever enter a prompt.

How it works

DataStrict sits between your AI application and the model. As data is retrieved from Snowflake and assembled into a prompt, the gateway inspects it, applies masking or blocking policy bound to the caller's identity and purpose, and records the decision to the Ledger.

Nothing about your rows is stored - DataStrict inspects in-path and logs the decision, not the data.

Connect

Point your retrieval or application layer at the gateway and register your Snowflake account as a source. Attach field-level policy to the columns that carry regulated data.

# datastrict.yaml
sources:
  - type: snowflake
    account: my-org-account
    warehouse: ANALYTICS
policy:
  mask:
    - column: CUSTOMERS.EMAIL
    - column: CUSTOMERS.SSN   redact
  deny_when: purpose not in ["support", "analytics"]

What you can enforce

  • Column- and row-level masking of Snowflake data before it enters a prompt.
  • Queries that exceed their declared purpose blocked at the boundary.
  • PII and secrets in result sets redacted before reaching a user.
  • Every AI-driven access written to a tamper-evident Ledger.

Note · Your data stays in Snowflake

DataStrict never copies or stores warehouse rows. It inspects data as it flows into a prompt and records the decision, not the data.

Was this page helpful?