# Security and compliance

{% hint style="info" %}
If you are interested in learning more about Bubble's security features, we recommend also checking our dedicated page that explores the subject.

Page: [Bubble security](https://bubble.io/security)\
Article: [Bubble's security features](https://manual.bubble.io/help-guides/security/bubbles-security-features)
{% endhint %}

### Single sign-on (SSO)

Secure your team’s login experience by integrating your preferred identity provider with Bubble. SSO not only streamlines authentication but also enhances security by reducing password-related vulnerabilities.

Read more about SSO in [this article](https://manual.bubble.io/help-guides/bubble-for-enterprise/security-and-compliance/single-sign-on-sso).

### SOC 2 Type II report

Our compliance with the SOC 2 Type II standard for security speaks to our commitment to maintaining high levels of security and protecting your data at all times.

For more details and access to the full report, get in touch with our [Sales team](http://bubble.io/contact-sales). You can read more about SOC 2 in [this article](https://manual.bubble.io/help-guides/infrastructure/compliance/soc-2-type-ii).

### GDPR-compliant DPA

Bubble takes the protection of your personal information seriously. We've implemented measures designed to meet the standards of applicable data privacy laws, including the General Data Protection Regulation in the EU and the UK. See our GDPR-compliant [data processing agreement (DPA)](https://bubble.io/dpa).

Read more about GDPR in [this article](https://manual.bubble.io/help-guides/infrastructure/compliance/gdpr).

### Advanced DDoS[^1] protection

With the integration of Cloudflare and our in-house monitoring system, we are proactive in detecting and mitigating potential DDoS threats.

### Static IP address

For organizations with strict security protocols, we offer the option to assign a static IP address to your application. This means you can include it in an "allow list," further strengthening your application's security perimeter.

### Custom Cloudflare settings

For those seeking more granular control over their security and performance, Bubble’s Enterprise plan allows bespoke Cloudflare configurations. This means you can optimize the balance between protection and performance based on your app's specific requirements.

### Privacy rules

Maintain granular control over user data access with our [privacy rules](#user-content-fn-2)[^2]. By setting specific rules, you can make sure users only access the data they're meant to, protecting sensitive information and maintaining data integrity. Unauthenticated and unauthorized requests are blocked server-side for maximum security.

You can read more about privacy rules in [this article](https://manual.bubble.io/help-guides/data/the-database/protecting-data-with-privacy-rules).

### Penetration tests

Bubble conducts [penetration tests](#user-content-fn-3)[^3] annually (at minimum) in collaboration with a third-party Managed Security Service Provider to maintain the security and integrity of the platform. If a vulnerability is found, we move quickly to fix it. This continuous feedback loop helps us make consistent efforts to safeguard the platform against known vulnerabilities.

For more information and access to penetration testing reports, get in touch with our [Sales team](http://bubble.io/contact-sales).

### Security review

We’re here to help with security questionnaires and any required testing.


[^1]: A *Distributed Denial of Service (DDoS)* attack floods a website or network with excessive traffic, making it unavailable to legitimate users. It aims to disrupt service rather than steal information.

[^2]: Privacy Rules are conditions that you set up on each data type in order to protect the data from being viewed and edited by unauthorized users.\
    \
    Article: [Protecting data with privacy rules](https://manual.bubble.io/help-guides/data/the-database/protecting-data-with-privacy-rules)

[^3]: A penetration test, often referred to as a "pen test," is a simulated cyberattack on the Bubble platform to identify vulnerabilities that could be exploited by hackers.

