Security and compliance
If you are interested in learning more about Bubble's security features, we recommend also checking our dedicated page that explores the subject.
Page: Bubble security Article: Bubble's security features
Single sign-on (SSO)
Secure your team’s login experience by integrating your preferred identity provider with Bubble. SSO not only streamlines authentication but also enhances security by reducing password-related vulnerabilities.
Read more about SSO in this article.
SOC 2 Type II report
Our compliance with the SOC 2 Type II standard for security speaks to our commitment to maintaining high levels of security and protecting your data at all times.
For more details and access to the full report, get in touch with our Sales team. You can read more about SOC 2 in this article.
GDPR-compliant DPA
Bubble takes the protection of your personal information seriously. We've implemented measures designed to meet the standards of applicable data privacy laws, including the General Data Protection Regulation in the EU and the UK. See our GDPR-compliant data processing agreement (DPA). Read more about GDPR in this article.
Advanced protection
With the integration of Cloudflare and our in-house monitoring system, we are proactive in detecting and mitigating potential DDoS threats.
Static IP address
For organizations with strict security protocols, we offer the option to assign a static IP address to your application. This means you can include it in an "allow list," further strengthening your application's security perimeter.
Custom Cloudflare settings
For those seeking more granular control over their security and performance, Bubble’s Enterprise plan allows bespoke Cloudflare configurations. This means you can optimize the balance between protection and performance based on your app's specific requirements.
Privacy rules
Maintain granular control over user data access with our . By setting specific rules, you can make sure users only access the data they're meant to, protecting sensitive information and maintaining data integrity. Unauthenticated and unauthorized requests are blocked server-side for maximum security.
You can read more about privacy rules in this article.
Penetration tests
Bubble conducts annually (at minimum) in collaboration with a third-party Managed Security Service Provider to maintain the security and integrity of the platform. If a vulnerability is found, we move quickly to fix it. This continuous feedback loop helps us make consistent efforts to safeguard the platform against known vulnerabilities.
For more information and access to penetration testing reports, get in touch with our Sales team.
Security review
We’re here to help with security questionnaires and any required testing.
Last updated