Protect your data.

Bugsnag is a secure and compliant error monitoring solution for your full application stack. We meet the industry's strictest certifications for security, privacy, and control. Whether you use our Bugsnag hosted platform or choose our on-premise Bugsnag Enterprise offering, we've got you covered.

Certifications and Compliance

Bugsnag on-premise option

For Enterprise customers seeking maximum control of data security measures, we offer a completely on-premise version of Bugsnag. For more information, please contact us.

HIPAA

Bugsnag data centers are hosted on Google Cloud Platform, which encrypts all data at rest by default in accordance with the HIPAA Title II Privacy Rule. As a matter of security best practice, Bugsnag recommends filtering any PHI or PII prior to sending them to Bugsnag. More information is available in our documentation. Enterprise customers with a dedicated customer success manager can receive assistance in assuring compliance and auditability on the Bugsnag platform. We can also provide a completely on-premise version of Bugsnag to our Enterprise customers to enable more flexibility in achieving HIPAA compliance. Bugsnag can sign a Business Associate Agreement (BAA) for Bugsnag customers upon request. For more information, please contact us.

PCI DSS

Bugsnag's payment and credit card information is handled by Stripe, which is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Bugsnag does not typically receive credit card data, making it compliant with PCI DSS in most situations. Our libraries also have configurable client-side data scrubbing which allows you to block credit card data.

ISO 27001, ISO 27017, ISO 27018

Bugsnag data centers are compliant with ISO 27001, ISO 27017 and ISO 27018 certifications. These internationally accepted security standards cover the systems, applications, people, technology, policies, procedures and data centers serving customers. Our hosting provider, Google Cloud Platform, has achieved all three of these certificates. Google’s ISO 27001 covers the Google Cloud Platform and Google’s shared common infrastructure. The ISO 27017 certification covers cloud security specifically for cloud service providers. ISO 27018 governs protection of personally identifiable information in public cloud services.

SSAE 16 / ISAE 3402 Type II: SOC 1, SOC 2 and SOC 3

Bugsnag data centers are compliant with SOC 1, SOC 2, and SOC 3 certifications. SOC provides certification for the internal security controls at third party IT service providers. Our hosting provider, Google Cloud Platform, has achieved SOC 3 certification, in which the controls were evaluated by an independent third party for a period of one (1) year. The Google Cloud Platform SOC 3 public audit report can be downloaded here.

CSA STAR

Bugsnag is registered with the Cloud Security Alliance (CSA). The Cloud Security Alliance (CSA) has developed the Security, Trust, & Assurance Registry (STAR) program, an assurance program for customers of Cloud Service Providers intended to assist customers in their due diligence. The Bugsnag CSA STAR self-assessment can be found here. Bugsnag data centers are hosted with Google Cloud Platform, which has also completed the CSA STAR self-assessment found here.

EU GDPR

Bugsnag collects, processes, stores, and uses personal data of EU data subjects in compliance with the requirements of the EU General Data Protection Regulation (EU GDPR). We only transfer EU personal data outside of the EU with the permission of our customer, typically to the United States. When we transfer EU personal data outside the EU, we only use a transfer mechanism permitted under the GDPR such as the Standard Contract Clauses.

CCPA

Bugsnag collects, processes, stores, and uses personal data in compliance with the requirements of the California Consumer Privacy Act (CCPA). We never share or “sell” personal data for non-Bugsnag purposes under the CCPA.

Want more detail on Bugsnag security?

Contact our customer success team.