Bugsnag's payment and credit card information is handled by Stripe, which is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Bugsnag does not typically receive credit card data, making it compliant with PCI DSS in most situations. Our libraries also have configurable client-side data scrubbing which allows you to block credit card data.
Bugsnag is ISO 27001:2013 certified. The audit process and certification demonstrates that Bugsnag has met rigorous international standards for information security and are committed to the protection of customer data. The ISO 27001 certificate is available for download here.
Our hosting provider, Google Cloud Platform, is compliant with the ISO 27001, ISO 27017, and ISO 27018 standards. Google’s ISO 27001 covers the Google Cloud Platform and Google’s shared common infrastructure. The ISO 27017 certification covers cloud security specifically for cloud service providers. ISO 27018 governs protection of personally identifiable information in public cloud services.
Bugsnag data centers are compliant with SOC 1, SOC 2, and SOC 3 certifications. SOC provides certification for the internal security controls at third party IT service providers. Our hosting provider, Google Cloud Platform, has achieved SOC 3 certification, in which the controls were evaluated by an independent third party for a period of one (1) year. The Google Cloud Platform SOC 3 public audit report can be downloaded here.
Bugsnag is registered with the Cloud Security Alliance (CSA). The Cloud Security Alliance (CSA) has developed the Security, Trust, & Assurance Registry (STAR) program, an assurance program for customers of Cloud Service Providers intended to assist customers in their due diligence. The Bugsnag CSA STAR self-assessment can be found here. Bugsnag data centers are hosted with Google Cloud Platform, which has also completed the CSA STAR self-assessment found here.
Bugsnag collects, processes, stores, and uses personal data of EU data subjects in compliance with the requirements of the EU General Data Protection Regulation (EU GDPR). We only transfer EU personal data outside of the EU with the permission of our customer, typically to the United States. When we transfer EU personal data outside the EU, we only use a transfer mechanism permitted under the GDPR such as the Standard Contract Clauses.
Bugsnag collects, processes, stores, and uses personal data in compliance with the requirements of the California Consumer Privacy Act (CCPA). We never share or “sell” personal data for non-Bugsnag purposes under the CCPA.
Contact our customer success team.