Security and compliance
Secure your team’s login experience by integrating your preferred identity provider with Bubble. SSO not only streamlines authentication but also enhances security by reducing password-related vulnerabilities.
Our compliance with the SOC 2 Type II standard for security speaks to our commitment to maintaining high levels of security and protecting your data at all times.
Bubble takes the protection of your personal information seriously. We've implemented measures designed to meet the standards of applicable data privacy laws, including the General Data Protection Regulation in the EU and the UK. See our GDPR-compliant data processing agreement (DPA). Read more about GDPR in this article.
With the integration of Cloudflare and our in-house monitoring system, we are proactive in detecting and mitigating potential DDoS threats.
For organizations with strict security protocols, we offer the option to assign a static IP address to your application. This means you can include it in an "allow list," further strengthening your application's security perimeter.
For those seeking more granular control over their security and performance, Bubble’s Enterprise plan allows bespoke Cloudflare configurations. This means you can optimize the balance between protection and performance based on your app's specific requirements.
Maintain granular control over user data access with our privacy rules. By setting specific rules, you can make sure users only access the data they're meant to, protecting sensitive information and maintaining data integrity. Unauthenticated and unauthorized requests are blocked server-side for maximum security.
Bubble conducts penetration tests annually (at minimum) in collaboration with a third-party Managed Security Service Provider to maintain the security and integrity of the platform. If a vulnerability is found, we move quickly to fix it. This continuous feedback loop helps us make consistent efforts to safeguard the platform against known vulnerabilities.
We’re here to help with security questionnaires and any required testing.