Security and compliance

If you are interested in learning more about Bubble's security features, we recommend also checking our dedicated page that explores the subject.

Page: Bubble security Article: Bubble's security features

Single sign-on (SSO)

Secure your team’s login experience by integrating your preferred identity provider with Bubble. SSO not only streamlines authentication but also enhances security by reducing password-related vulnerabilities.

Read more about SSO in this article.

SOC 2 Type II report

Our compliance with the SOC 2 Type II standard for security speaks to our commitment to maintaining high levels of security and protecting your data at all times.

For more details and access to the full report, get in touch with our Sales team. You can read more about SOC 2 in this article.

GDPR-compliant DPA

Bubble takes the protection of your personal information seriously. We've implemented measures designed to meet the standards of applicable data privacy laws, including the General Data Protection Regulation in the EU and the UK. See our GDPR-compliant data processing agreement (DPA). Read more about GDPR in this article.

Advanced protection

With the integration of Cloudflare and our in-house monitoring system, we are proactive in detecting and mitigating potential DDoS threats.

Static IP address

For organizations with strict security protocols, we offer the option to assign a static IP address to your application. This means you can include it in an "allow list," further strengthening your application's security perimeter.

Custom Cloudflare settings

For those seeking more granular control over their security and performance, Bubble’s Enterprise plan allows bespoke Cloudflare configurations. This means you can optimize the balance between protection and performance based on your app's specific requirements.

Privacy rules

Maintain granular control over user data access with our . By setting specific rules, you can make sure users only access the data they're meant to, protecting sensitive information and maintaining data integrity. Unauthenticated and unauthorized requests are blocked server-side for maximum security.

You can read more about privacy rules in this article.

Penetration tests

Bubble conducts annually (at minimum) in collaboration with a third-party Managed Security Service Provider to maintain the security and integrity of the platform. If a vulnerability is found, we move quickly to fix it. This continuous feedback loop helps us make consistent efforts to safeguard the platform against known vulnerabilities.

For more information and access to penetration testing reports, get in touch with our Sales team.

Security review

We’re here to help with security questionnaires and any required testing.

Last updated

#829: Flusk: more detailed Issue Descriptions

Change request updated