Protect your data.

BugSnag is a secure and compliant error monitoring solution for your full application stack. We meet the industry's strictest certifications for security, privacy, and control. Whether you use our BugSnag hosted platform or choose our on-premises BugSnag Enterprise offering, we've got you covered.

Certifications and Compliance

BugSnag on-premises option

For Enterprise customers seeking maximum control of data security measures, we offer a completely on-premises version of BugSnag. For more information, please contact us.

PCI DSS

BugSnag's payment and credit card information is handled by Stripe, which is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. BugSnag does not typically receive credit card data, making it compliant with PCI DSS in most situations. Our libraries also have configurable client-side data scrubbing which allows you to block credit card data.

ISO 27001, ISO 27017, ISO 27018

BugSnag is ISO 27001:2022 certified. The audit process and certification demonstrates that BugSnag has met rigorous international standards for information security and are committed to the protection of customer data. The ISO 27001 certificate is available for download here

Our hosting provider, Google Cloud Platform, is compliant with the ISO 27001, ISO 27017, and ISO 27018 standards. Google’s ISO 27001 covers the Google Cloud Platform and Google’s shared common infrastructure. The ISO 27017 certification covers cloud security specifically for cloud service providers. ISO 27018 governs protection of personally identifiable information in public cloud services.

SSAE 16 / ISAE 3402 Type II: SOC 1, SOC 2 and SOC 3

BugSnag data centers are compliant with SOC 1, SOC 2, and SOC 3 certifications. SOC provides certification for the internal security controls at third party IT service providers. Our hosting provider, Google Cloud Platform, has achieved SOC 3 certification, in which the controls were evaluated by an independent third party for a period of one (1) year. The Google Cloud Platform SOC 3 public audit report can be downloaded here.

CSA STAR

BugSnag is registered with the Cloud Security Alliance (CSA). The Cloud Security Alliance (CSA) has developed the Security, Trust, & Assurance Registry (STAR) program, an assurance program for customers of Cloud Service Providers intended to assist customers in their due diligence. The BugSnag CSA STAR self-assessment can be found here. BugSnag data centers are hosted with Google Cloud Platform, which has also completed the CSA STAR self-assessment found here.

EU GDPR

BugSnag collects, processes, stores, and uses personal data of EU data subjects in compliance with the requirements of the EU General Data Protection Regulation (EU GDPR). We only transfer EU personal data outside of the EU with the permission of our customer, typically to the United States. When we transfer EU personal data outside the EU, we only use a transfer mechanism permitted under the GDPR such as the Standard Contract Clauses.

CCPA

BugSnag collects, processes, stores, and uses personal data in compliance with the requirements of the California Consumer Privacy Act (CCPA). We never share or “sell” personal data for non-BugSnag purposes under the CCPA.

Want more detail on BugSnag security?

Contact our customer success team.