What is a Data Pod?
A Data Pod is a logical storage unit that encapsulates data together with enforceable rules for quality, compliance, access control, and lineage. It acts as a hard execution boundary within the Nexion runtime.
Official Definition
"A Data Pod is a logical storage unit that encapsulates data together with enforceable rules for quality, compliance, access control, and lineage. It acts as a hard execution boundary within the Nexion runtime."
Unlike traditional datasets that are passive storage, Data Pods actively enforce rules at runtime. Data cannot exist in a Pod without passing through its configured validation and protection pipeline.
Dataset vs Data Pod
| Aspect | Traditional Dataset | Nexion Data Pod |
|---|---|---|
| Primary Function | Storage | Storage + Enforcement |
| Policies | Documented | Executed at Runtime |
| Compliance | Only at rest (after storage) | At execution + at rest |
| Enforcement | User-dependent | Runtime-enforced |
| Data Quality | Optional validation | Mandatory gates |
| PII/PHI Protection | Manual process | Auto-enforced |
| Lineage | External tool | Built-in tracking |
Data Pods are the core differentiator of Nexion. They transform passive storage into active, governed data products.
Data Pod Architecture
Tables:
Tables:
Tables:
Each pod connects to any Storage Destination (OneLake, ADLS, S3, GCS) with isolated encryption keys and access policies
Compliance Levels
Choose the right compliance level for your data. Each level includes all features from lower levels plus additional protections.
Standard data without special compliance requirements
- Delta Lake storage with ACID
- Basic encryption at rest
- Standard audit logging
- Access control policies
Use cases:
Personal Identifiable Information with GDPR/CCPA protection
- All GENERAL features
- Auto PII detection
- 6 protection methods
- GDPR compliance ready
- Data retention policies
- Subject access requests
Use cases:
Protected Health Information with HIPAA Safe Harbor
- All PII features
- HIPAA Safe Harbor (18 identifiers)
- PHI auto-detection
- Enhanced encryption
- Compliance audit trails
- BAA support
Use cases:
Payment Card Industry Data Security Standard
- All PII features
- Credit card tokenization
- PCI-DSS controls
- Cardholder data isolation
- Enhanced monitoring
- Quarterly scans support
Use cases:
6 Protection Methods
Configure how each field type is protected. Different methods for different use cases.
MASKPartial masking that preserves format
Example:
john@email.com → ****@email.comHASHOne-way SHA-256 cryptographic hash
Example:
john@email.com → a8f5f167f44f...REDACTComplete removal with placeholder
Example:
123-45-6789 → [SSN REDACTED]ENCRYPTReversible AES-256 encryption
Example:
john@email.com → gAAAAABl7x2K...TOKENIZEReplace with token, original in vault
Example:
john@email.com → tok_a1b2c3d4e5f6SKIPNo transformation (explicit opt-out)
Example:
john@email.com → john@email.comFlexible Storage
Each Data Pod can use a different Storage Destination. Choose based on your cloud strategy, compliance requirements, or performance needs.
Microsoft OneLake
Fabric native, Unity Catalog compatible
Azure Data Lake Gen2
Hierarchical namespace, Azure native
Amazon S3
AWS native, most compatible
Google Cloud Storage
GCP native, BigQuery integration
All storage uses Delta Lake format
ACID transactions, time travel, and schema evolution on any backend
Ready to isolate your sensitive data?
Create your first Data Pod and start protecting PII/PHI automatically.