Skip to main content
Query Analyzer is an opt-in, AI-powered feature in StarTree Cloud. This page describes how your data is handled, which security controls apply, and how Query Analyzer inherits StarTree Cloud’s platform compliance posture.
Beta feature. Query Analyzer is disabled by default and available on demand. Contact your StarTree account team to have it enabled for your environment.

Overview

Query Analyzer is request-scoped: it processes one analysis per request and does not persist query text, metadata, or LLM responses to any database or customer-accessible storage.

Data Flows

Collected from Pinot

For normal (non-direct) analysis, Query Analyzer uses your authenticated identity to call Pinot Controller admin APIs on your cluster. The following operations run per table referenced in your SQL (except explain and query execution, which run once per analysis request).
OperationPinot APIStatic AnalysisRuntime AnalysisAPI reference
Fetch table config and schemaGET /tableConfigs/{tableName}YesYesGet table configs
Infer index configurationPOST /tables/inferIndexesYesYesStarTree extension API (normalizes index config for analysis)
Fetch table statisticsGET /tables/{tableName}/metadataYesYesGet aggregate table metadata
Run explain planPOST /sql with EXPLAIN PLAN FOR and useMultistageEngine=true;explainAskingServers=true (falls back to single-stage engine if needed)YesYesPinot Controller SQL query API
Execute the SQL queryPOST /sql with useMultistageEngine=true;collectGcStats=trueNoYesPinot Controller SQL query API
The POST /sql endpoint is the Pinot Controller SQL query API. It is used for explain plans and, in runtime analysis, to execute your query and collect stageStats. This is separate from the broker query API (POST /query/sql) used for interactive querying in some deployments.
Pinot’s own RBAC policies govern which tables and operations your identity can access. Runtime analysis executes your query against the cluster. Use it only when the query is safe to run in your environment.

Sent to the LLM

What is never included in the LLM prompt

Never includedDetail
Row data and query result valuesYour actual analytics data remains in Pinot
Credentials and secret referencesMasked in table configuration before transmission
Personally identifiable information (PII)No user-identifying information is included
Model trainingPrompt data is not used to train or improve the underlying LLM
Only structural metadata and execution statistics are sent to the LLM provider. Your actual data values are not included.

What is included in the LLM prompt

DataSourceNotes
SQL query textUser inputThe query you submit for analysis
Table config (reduced)PinotStripped and masked (see note below)
SchemaPinotField types, encoding, and index configuration
Column cardinality estimatesPinotApproximate distinct value counts per column
Explain planPinotExecution structure only
Execution statisticsPinotOperator timing and memory metrics (runtime analysis only)
Before transmission, StarTree Cloud masks credentials and secret references in table configuration JSON and strips non-essential sections (ingestion config, task definitions, tenants, metadata, and routing).

Data Lifecycle and Retention

AspectBehavior
PersistenceNo query text, metadata, or LLM responses are written to durable storage
In-memory scopeAnalysis data exists only for the duration of the HTTP request
Application logsStarTree Cloud application logs may record SQL text at INFO level; subject to platform log retention and access controls

AI Model and Provider

DeploymentAI ProviderModel
AWSAmazon BedrockClaude (Anthropic), us.anthropic.claude-sonnet-4-20250514-v1:0
Google Cloud (Coming Soon)Vertex AINot yet available
Azure (Coming Soon)Azure AI FoundryNot yet available
On AWS, prompts are processed by Amazon Bedrock under AWS’s data privacy commitments.

Access Controls

Query Analyzer uses the same authentication and authorization model as other StarTree Cloud APIs. See Manage Security for OIDC identity provider setup, RBAC policies, and API tokens.
ControlBehavior
AuthenticationRequired for POST /api/query-analyzer/static-analysis and POST /api/query-analyzer/runtime-analysis
AuthorizationGoverned by StarTree Cloud RBAC and Pinot cluster policies for the tables in your query
Workspace scopingUse the workspace header to scope requests to a specific workspace
Feature availabilityDisabled by default. Contact your StarTree account team to enable.

Encryption

LayerControl
In transitTLS 1.2+ between Data Portal, StarTree Cloud, Pinot, and the LLM provider
At restQuery Analyzer does not write analysis data to disk; platform policies apply to operational logs
SecretsLLM API keys are managed through StarTree’s secure deployment configuration and are not embedded in customer-facing payloads

Platform Compliance

Query Analyzer runs within StarTree Cloud infrastructure and inherits platform certifications:
  • SOC 2 Type 2
  • ISO 27001
  • HIPAA readiness
For full platform security details, see Security and Compliance.

Query Analyzer Overview

Feature overview, analysis modes, and what gets analyzed.

StarTree Cloud Security

Platform-wide security controls and compliance certifications.