[vincentlp]

Absolutely, Sarus never sees the client's data, because the software runs on their infrastructure.

And indeed, data encryption and privacy-preserving analysis (what Sarus does) is quite orthogonal. You may combine them for some use cases (so that data are protected on the machine, but also cannot be re-identified from queries) For example, on our infra (used only for demo, not for clients), by default all data are encrypted at rest by the cloud provider. You could even try to add FHE (Fully homomorphic encryption), but that's quite complex (and probably wouldn't support many type of data analysis).