Integrations
Snowflake
Enforce column- and row-level policy on Snowflake data before it enters a prompt or reaches a user.
Overview
Snowflake is where a great deal of governed data lives - customer records, financials, and PII. When an AI feature, a RAG pipeline, or an agent reads from Snowflake, DataStrict controls what leaves the warehouse and what is allowed to reach the model.
It enforces column- and row-level policy on the data path, so sensitive fields are masked before they ever enter a prompt.
How it works
DataStrict sits between your AI application and the model. As data is retrieved from Snowflake and assembled into a prompt, the gateway inspects it, applies masking or blocking policy bound to the caller's identity and purpose, and records the decision to the Ledger.
Nothing about your rows is stored - DataStrict inspects in-path and logs the decision, not the data.
Connect
Point your retrieval or application layer at the gateway and register your Snowflake account as a source. Attach field-level policy to the columns that carry regulated data.
# datastrict.yaml
sources:
  - type: snowflake
    account: my-org-account
    warehouse: ANALYTICS
    policy:
      mask:
        - column: CUSTOMERS.EMAIL
        - column: CUSTOMERS.SSN redact
      deny_when: purpose not in ["support", "analytics"]
What you can enforce
- Column- and row-level masking of Snowflake data before it enters a prompt.
- Queries that exceed their declared purpose blocked at the boundary.
- PII and secrets in result sets redacted before reaching a user.
- Every AI-driven access written to a tamper-evident Ledger.
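A minimal sketch of the flow described under "How it works" and in the list above, added here as an illustration and not DataStrict's own code: purpose check, column masking, and a ledger that records the decision but never the row values. The function names, the "[MASKED]" token and the SHA-256 hash chain used for tamper evidence are assumptions; the column names and purposes come from the sample config.

```python
import hashlib
import json

# Assumed policy shape, mirroring the values in the datastrict.yaml sample.
MASKED_COLUMNS = {"CUSTOMERS.EMAIL", "CUSTOMERS.SSN"}
ALLOWED_PURPOSES = {"support", "analytics"}
GENESIS = "0" * 64  # assumed anchor value for the first ledger entry


def append_decision(ledger, caller, purpose, decision, columns):
    """Append a hash-chained entry holding the decision, never row values."""
    entry = {"caller": caller, "purpose": purpose, "decision": decision,
             "masked_columns": sorted(columns),
             "prev": ledger[-1]["hash"] if ledger else GENESIS}
    entry["hash"] = hashlib.sha256(
        json.dumps(entry, sort_keys=True).encode()).hexdigest()
    ledger.append(entry)


def enforce(rows, caller, purpose, ledger):
    """Return rows safe to place in a prompt, or None if the purpose is denied."""
    if purpose not in ALLOWED_PURPOSES:
        append_decision(ledger, caller, purpose, "deny", [])
        return None
    safe = [{c: "[MASKED]" if c in MASKED_COLUMNS else v for c, v in row.items()}
            for row in rows]
    hit = {c for row in rows for c in row if c in MASKED_COLUMNS}
    append_decision(ledger, caller, purpose, "allow", hit)
    return safe


def verify(ledger):
    """Recompute the chain; an edited or removed entry breaks it."""
    prev = GENESIS
    for entry in ledger:
        body = {k: v for k, v in entry.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or entry["hash"] != digest:
            return False
        prev = entry["hash"]
    return True


# Constructed sample rows, not real data.
ROWS = [{"CUSTOMERS.NAME": "Ada Example", "CUSTOMERS.EMAIL": "ada@example.com",
         "CUSTOMERS.SSN": "000-00-0000"}]
```

A hash chain only makes edits detectable by someone who holds a trusted copy of the latest hash, so that value needs to be stored outside the system being audited.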
Note · Your data stays in Snowflake