A decision layer holds the rules behind your data — so it has to clear a higher bar than the tools around it. Metatate keeps policies where your data lives, gives agents read-only answers, and isolates every tenant by construction.
Talk to us about a security reviewOn Snowflake, Metatate runs as a Native App inside your own account. Policies are authored, stored, and evaluated where your data already lives; Cortex Agents and Cortex Code call the decision layer over MCP or as native SQL functions with zero data egress.
Metatate for Snowflake →On the cross-platform product, every environment gets its own scoped MCP endpoint. Agents authenticate with bearer tokens you issue and revoke from the app, and the tenant context is resolved from the token and pinned on every read — there is no cross-tenant query path.
Metatate Platform →The MCP tools agents call are read-only and advisory by contract: they never approve, publish, mask, block, or write governance state. An agent can ask what the rules are and whether a use is allowed — changing the rules stays with people, in the app, behind your review flow.
How the MCP server works →Metatate, Inc. has completed a SOC 2 Type I examination against the Security trust services criteria. The full report is available to prospective customers under NDA.
Request the report →Control families in the examination
Change management
Encryption standards
Identity and access management
Security awareness training
Security incident response
Security monitoring and reporting
Threat and vulnerability management
Vendor risk management
Data handling at a glance
Everything in transit is encrypted with TLS — the app, the MCP endpoint, and every connector.
Warehouse and database credentials live in a dedicated secrets vault, encrypted at rest and decrypted only at connection time.
Tenant isolation is enforced at the database layer with row-level security, not just in application code.
A current subprocessor list is available on request.