Bugsnag is a secure and compliant error monitoring solution for your full application stack. We meet the industry's strictest certifications for security, privacy, and control. Whether you use our Bugsnag hosted platform or choose our on-premise Bugsnag Enterprise offering, we've got you covered.
Bugsnag is registered with the Cloud Security Alliance (CSA). The Cloud Security Alliance (CSA) has developed the Security, Trust, & Assurance Registry (STAR) program, an assurance program for customers of Cloud Service Providers intended to assist customers in their due diligence. The Bugsnag CSA STAR self-assessment can be found here. Bugsnag datacenters are hosted with Google Cloud Platform, which has also completed the CSA STAR self-assessment found here.
SSAE 16 / ISAE 3402 Type II: SOC 1, SOC 2 and SOC 3
Bugsnag datacenters are compliant with SOC 1, SOC 2 and SOC 3 certifications. SOC provides certification for the internal security controls at third party IT service providers. Our hosting provider, Google Cloud Platform, has achieved SOC 3 certification, in which the controls were evaluated by an independent third party for a period of one (1) year. The Google Cloud Platform SOC 3 public audit report can be downloaded here.
ISO 27001, ISO 27017, ISO 27018
Bugsnag datacenters are compliant with ISO 27001, ISO 27017 and ISO 27018 certifications. These internationally accepted security standards cover the systems, applications, people, technology, policies, procedures and data centers serving customers. Our hosting provider, Google Cloud Platform, has achieved all three of these certificates. Google’s ISO 27001 covers the Google Cloud Platform and Google’s shared common infrastructure. The ISO 27017 certification covers cloud security specifically for cloud service providers. ISO 27018 governs protection of personally identifiable information in public cloud services.
EU/US Privacy Shield
Bugsnag is compliant with EU/US Privacy Shield, and you can review our certification here. Our datacenters hosted by Google Cloud Platform are also compliant with both EU/US and Swiss/US Privacy Shield. Google’s certifications can be viewed on the Privacy Shield list here.
Bugsnag's payment and credit card information is handled by Stripe, which is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Bugsnag does not typically receive credit card data, making it compliant with PCI DSS in most situations. Our libraries also have configurable client-side data scrubbing which allows you to block credit card data.
Bugsnag datacenters are hosted on Google Cloud Platform, which encrypts all data at rest by default in accordance with the HIPAA Title II Privacy Rule. As a matter of security best practice, Bugsnag recommends filtering any PHI or PII prior to sending them to Bugsnag. More information is available in our documentation. Enterprise customers with a dedicated customer success manager can receive assistance in assuring compliance and auditability on the Bugsnag platform. We can also provide a completely on-premise version of Bugsnag to our Enterprise customers to enable more flexibility in achieving HIPAA compliance. Bugsnag can sign a Business Associate Agreement (BAA) for Bugsnag customers upon request. For more information, please contact us.
Bugsnag on-premise option
We can also provide a completely on-premise version of Bugsnag to our Enterprise customers to enable more flexibility in achieving your compliance requirements. For more information, please contact us.