v2.2 LIVE 🔄 New: Reverse ETL to Salesforce & HubSpot — governed by the same compliance loop

Deliver Snowflake data anywhere — to humans, to systems, to your CRM — with compliance built in.

Scheduled exports to email, Slack, SFTP, and cloud storage. Reverse ETL to Salesforce and HubSpot. PII detection, policy enforcement, and approval workflows on every delivery — including reverse ETL. Your data never leaves Snowflake.

Install from Snowflake Marketplace See reverse ETL in action →
🛡

Govern automatically

Classify PII / PCI / PHI on every table. Mask sensitive columns by default. Enforce policies per destination.

Require approvals where they matter

Route sensitive exports through an approval queue. Approvers see the full query before clicking Allow.

New in v2.2
🔄

Reverse ETL natively

Push Snowflake records straight to Salesforce and HubSpot. Same compliance loop applies. No external ETL tool.

📊

Audit every export

Every delivery — including blocks and warnings — lands in a queryable audit log.

v2.0 · Compliance & Governance

Mask sensitive data on every export — by default.

PII, PCI, PHI, and credential columns in your source tables are detected automatically using 45 built-in rules. Mask-by-default applies the right transform on every delivery — email, Slack, Teams, webhook, SFTP, or file write. Every export writes a compliance audit row; a new Reports tab gives compliance officers a filterable view with CSV export for external GRC workflows.

🔍

Automatic detection

45 built-in rules cover PII, PCI, PHI, and credentials. Extendable with custom patterns. Detected matches surface in the wizard before the export runs.

🎭

The right transform per type

Last-4 for cards. Redaction for names. Hashing for medical IDs (preserves joins downstream). Domain-only for emails. All applied uniformly across delivery channels.

📋

Compliance audit + Reports tab

Every export logs who, what, to where, and with what masking. Filterable Reports view for compliance officers, CSV export for Drata / Vanta / OneTrust ingestion.

Non-breaking migration. Existing v1.x scheduled exports keep their original cleartext behavior on upgrade. Masking is opt-in for legacy schedules and default-on for new schedules created after the upgrade. Roll out at whatever cadence fits your audit calendar.

Runs on Snowflake Standard edition. All data and processing stay inside your Snowflake account — same architecture and trust posture as v1.x. Read the full v2.0 release notes →

v1.3 · AI assist

Describe your export in plain English.

SnowExporter v1.3 writes the query, picks the schedule, and routes it to the right Slack channel, Teams chat, or email — all without leaving Snowflake.

🤖 You type:

"Email me the top 10 customers by revenue every Monday at 9 AM Eastern."

Cortex returns a complete scheduled export:
  • SQL query against your selected database / schema
  • Cron expression + IANA timezone
  • Delivery mode and matched destination
  • Recipients pulled from your configured channels

Snowsight Copilot writes SQL. SnowExporter's AI writes the whole job — query, schedule, destination. You review every field before clicking Schedule; nothing is auto-submitted.

Powered by Snowflake Cortex (mistral-large) — runs server-side inside your Snowflake account, so your data stays inside the boundary just like the rest of the app. Requires Cortex on your Snowflake account. Pro / Trial only.

Delivery modes

One query. Seven ways out.

SnowExporter doesn't lock you into a single export channel. Pick the category that fits the recipient and the data volume.

Five delivery modes — inside Snowflake vs external Your query, the SnowExporter Native App, and the internal stage all run inside your Snowflake account. Five delivery modes carry results out: email body, email with presigned download link, Slack channel, Microsoft Teams channel, or file write to AWS S3, GCP GCS, or Azure Blob. YOUR SNOWFLAKE ACCOUNT Query, app, and internal stage all run here FIVE DELIVERY MODES Only export results cross the boundary Your query SELECT … FROM … Native App · Streamlit + SQL 3 narrow privileges Internal stage file written here for modes 2 and 5 stays in Snowflake 1 📧 Email — in the body Up to 50 rows rendered in the message body Recipients: verified Snowflake user emails only 2 🔗 Email — download link Presigned link to the staged file No row limit — recipients click & download 3 Slack channel v1.2 Monospace table, up to 10 rows + summary Optional file via 24-hour presigned link for more 4 Microsoft Teams channel v1.2 MessageCard with table + Download button For larger results, file attachment via link 5 FILE EXPORT CSV / JSON · optional GZIP 📁 S3 bucket via storage integration · IAM role trust policy 📁 Google Cloud Storage via storage integration · service account binding 📁 Azure Blob Storage via storage integration · access grants
Your query, the SnowExporter app, and the internal stage all run inside your Snowflake account. Five delivery modes — email body, email link, Slack channel, Teams channel, or file write to internal stage / S3 / GCS / Azure — cross out to the recipient or destination you chose.
📧

Email

In-body — results render directly in the email body, up to 50 rows per send. Download link — presigned URL to a file in an internal stage, no row limit. Recipients must be verified Snowflake user emails.

v1.2
💬

Chat — Slack & Teams

Slack channel — results in a monospace table, up to 10 rows + summary. Microsoft Teams channel — same shape via Teams MessageCards. Larger results get an optional downloadable file via a 24-hour presigned link.

New in v2.0
🪝

Webhook & SFTP

Webhook — HTTPS POST to your endpoint with signed-secret auth and retry-on-5xx. SFTP — secure file transfer to your server with password or SSH-key auth. Same file format options as cloud exports.

📁

File to destination

Write a CSV or JSON file — optionally GZIP'd, optionally with a timestamp suffix — to an internal Snowflake stage or an external AWS S3, GCP GCS, or Azure Blob destination.

Why a Native App

Your data never leaves your Snowflake account.

SnowExporter runs inside your Snowflake account. There is no third-party server that touches your data. The app requests only three account-level privileges, all explicitly scoped to what it needs.

SnowExporter data flow Source data, the SnowExporter Native App, the optional internal stage, and the audit log all live inside your Snowflake account. Only export results — emails and files — cross the boundary to external destinations like AWS S3, GCP GCS, and Azure Blob. YOUR SNOWFLAKE ACCOUNT Data and app execution stay inside this boundary Your source data Tables & views in your account Native App — Streamlit + SQL 3 narrow privileges Internal stage optional destination · stays in Snowflake Audit log & activity dashboard Every send, every file, every schedule change — logged with real compute credits Reads ACCOUNT_USAGE.QUERY_ATTRIBUTION_HISTORY EXPORT RESULTS CROSS → The query, the app state, the audit log do not 📧 Email recipient In-body (≤50 rows) or download link S3 bucket CSV / JSON, optional GZIP, timestamps Google Cloud Storage CSV / JSON, optional GZIP, timestamps Azure Blob Storage CSV / JSON, optional GZIP, timestamps Slack channel Monospace table + optional file (v1.2) Microsoft Teams channel MessageCard + optional Download (v1.2) Only the bytes you chose to export.
SnowExporter runs inside your Snowflake account. Your source data, the app, the optional internal stage, and the audit log all stay in the boundary. Only export results — emails and files — cross out to external destinations.
⚠  The traditional way

Your data leaves Snowflake.

Third-party ETL platforms, BI extracts, and custom export scripts all share the same pattern: they pull your data out of Snowflake, process it on infrastructure you don't control, then push it onward.

  • Your data sits in transit on a vendor's servers
  • Broad Snowflake privileges typically required — schema-wide SELECT, sometimes warehouse management
  • Audit logs live in the vendor's system, not yours
  • You inherit the vendor's security posture, encryption-at-rest, and personnel access controls
✓  SnowExporter (Native App)

Your data stays in Snowflake.

SnowExporter runs inside your Snowflake account as a Native App. No third-party server in the loop. The Snowflake boundary is the security boundary.

  • Data never crosses out to a vendor's infrastructure — only the export you chose
  • Three narrow privileges only — no CREATE DATABASE, no MANAGE WAREHOUSES, no schema-wide grants
  • Audit log lives in your own ACCOUNT_USAGE — same surface as your other Snowflake activity
  • Your ACCOUNTADMIN sees exactly what's being granted; the app's UI generates the SQL for each step

For full transparency, here are the only three privileges the app's manifest.yml requests:

IMPORTED PRIVILEGES ON SNOWFLAKE DB

Read ACCOUNT_USAGE.QUERY_ATTRIBUTION_HISTORY so the audit log can show real compute credits per query.

EXECUTE TASK

Run scheduled exports as Snowflake tasks.

EXECUTE MANAGED TASK

Run scheduled exports as serverless managed tasks when a warehouse is granted.

See it in action

The actual app, end-to-end.

From query to delivery — here's what SnowExporter looks like inside Snowsight.

SnowExporter Home dashboard showing recent activity and compute credits
SCREENSHOT PENDING public/screenshots/01-home-dashboard.png
Home dashboard — recent activity, real compute credits per export from ACCOUNT_USAGE, quick-access to common actions.
Create Data Export wizard Steps 1 and 2 - choose data, write and run SQL
SCREENSHOT PENDING public/screenshots/03-destinations.png
Create Data Export wizard — Steps 1 & 2 — pick a database, schema, and table, or write your own SQL. Run and preview the result before choosing a delivery mode.
Create Data Export wizard - delivery mode picker
SCREENSHOT PENDING public/screenshots/02-create-export-delivery.png
Create Data Export wizard — Step 3 — pick a delivery mode per export: email body, download link, Slack, Teams, or file to a cloud destination.
Scheduled Exports page listing active and paused schedules
SCREENSHOT PENDING public/screenshots/04-scheduled-exports.png
Scheduled Exports — cron-based schedules with timezone control; pause, resume, and delete with a Refresh for the post-resume metadata window.
Logs page with audit entries and compute credits per query
SCREENSHOT PENDING public/screenshots/05-logs.png
Logs page — full audit of email sends, file exports, and schedule lifecycle, with actual compute credits per query.
Scheduling

Once-off or on a recurring schedule.

Any export can be scheduled. Cron syntax, your choice of timezone (set once in Settings). Pause, resume, or delete schedules from the Scheduled Exports page.

Multi-destination management

Define many destinations. Manage them per-endpoint.

Internal stage, AWS S3, GCP GCS, Azure Blob — define as many destinations as you need. Each destination has a Description and Business Contact so admins document what every endpoint is for and who owns it. Enable or disable each one independently without deleting the configuration.

Audit log + activity dashboard

Real costs alongside real actions.

Every email send, file export, and schedule change is logged. The Logs page pulls actual compute credits per query from ACCOUNT_USAGE.QUERY_ATTRIBUTION_HISTORY, so you see real cost attribution next to each action — not estimates.

Ready to export?

SnowExporter v1.0 is available now on the Snowflake Marketplace.

Get it on the Marketplace Read the changelog