Bugsnag data centers are hosted on Google Cloud Platform, which encrypts all data at rest by default in accordance with the HIPAA Title II Privacy Rule. As a matter of security best practice, Bugsnag recommends filtering any PHI or PII prior to sending them to Bugsnag. More information is available in our documentation. Enterprise customers with a dedicated customer success manager can receive assistance in assuring compliance and auditability on the Bugsnag platform. We can also provide a completely on-premise version of Bugsnag to our Enterprise customers to enable more flexibility in achieving HIPAA compliance. Bugsnag can sign a Business Associate Agreement (BAA) for Bugsnag customers upon request. For more information, please contact us.
Bugsnag's payment and credit card information is handled by Stripe, which is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Bugsnag does not typically receive credit card data, making it compliant with PCI DSS in most situations. Our libraries also have configurable client-side data scrubbing which allows you to block credit card data.
Bugsnag data centers are compliant with ISO 27001, ISO 27017 and ISO 27018 certifications. These internationally accepted security standards cover the systems, applications, people, technology, policies, procedures and data centers serving customers. Our hosting provider, Google Cloud Platform, has achieved all three of these certificates. Google’s ISO 27001 covers the Google Cloud Platform and Google’s shared common infrastructure. The ISO 27017 certification covers cloud security specifically for cloud service providers. ISO 27018 governs protection of personally identifiable information in public cloud services.
Bugsnag data centers are compliant with SOC 1, SOC 2, and SOC 3 certifications. SOC provides certification for the internal security controls at third party IT service providers. Our hosting provider, Google Cloud Platform, has achieved SOC 3 certification, in which the controls were evaluated by an independent third party for a period of one (1) year. The Google Cloud Platform SOC 3 public audit report can be downloaded here.
Bugsnag is registered with the Cloud Security Alliance (CSA). The Cloud Security Alliance (CSA) has developed the Security, Trust, & Assurance Registry (STAR) program, an assurance program for customers of Cloud Service Providers intended to assist customers in their due diligence. The Bugsnag CSA STAR self-assessment can be found here. Bugsnag data centers are hosted with Google Cloud Platform, which has also completed the CSA STAR self-assessment found here.
Bugsnag collects, processes, stores, and uses personal data of EU data subjects in compliance with the requirements of the EU General Data Protection Regulation (EU GDPR). We only transfer EU personal data outside of the EU with the permission of our customer, typically to the United States. When we transfer EU personal data outside the EU, we only use a transfer mechanism permitted under the GDPR such as the Standard Contract Clauses.
Bugsnag collects, processes, stores, and uses personal data in compliance with the requirements of the California Consumer Privacy Act (CCPA). We never share or “sell” personal data for non-Bugsnag purposes under the CCPA.
Contact our customer success team.