How secure is Bubble?
Bubble complies with the SOC 2 Type II standard for security and offers a GDPR-compliant data processing agreement (DPA).
What cloud hosting provider does Bubble use?
Bubble hosts its infrastructure on Amazon Web Services (AWS), which is SOC 2, CSA CAIQ, and ISO/IEC 27001 compliant.
Can I choose where the AWS server for my app is hosted?
If you're on an Enterprise Dedicated plan, you can specify the region where your server and data are located from Bubble's growing list of AWS data center regions (found here). For all other app plans, Bubble's servers and data are hosted on AWS West Region. More information about how apps on the main cluster are hosted can be found in this article.
How does Bubble encrypt user data?
Your data is safeguarded in transit with TLS and at rest with AES-256 encryption through RDS.
Does Bubble conduct third-party security audits and penetration testing?
Yes. Bubble conducts automated code testing, vulnerability testing (OWASP Top 10), and continuous monitoring. We also conduct penetration tests at least annually, following the OWASP WSTG.
Does Bubble provide data backup and recovery?
Yes. Bubble uses point-in-time backups to enable recovery for Bubble apps and their underlying databases.
Do you support multi-factor authentication and SSO?
All Bubble users can enable two-factor authentication (2FA) on their account. The Enterprise plan allows admins to streamline user management with SSO account provisioning.
How securely does Bubble integrate with external systems?
Bubble can connect with any system through the API Connector, which supports a variety of secure authentication methods including OAuth, Bearer Auth, Basic Auth, and more.
