Hi everyone,
Thank you all for your support and for celebrating this milestone with us! I’m jumping back in to address some of the common questions and themes that have come up in the comments.
Dedicated Server on the Enterprise Plan
On the Enterprise plan, you can choose to host your app on our shared infrastructure or get a dedicated instance with a server located in an AWS hosting region of your choice.
SOC 2 Type II Compliance for Bubble Apps
Bubble’s SOC 2 Type II report means that our platform itself meets the standards needed to be compliant. This compliance does not automatically transfer over to apps built on Bubble. If a user wants their app to be SOC 2 Type II compliant, they’ll need to ensure that the way they design and operate the app meets the necessary trust principles and complete a separate audit.
If you’re interested in getting a copy of our SOC 2 report, please contact our Sales team for more details.
Bubble Employee Access to the Database
We determine the type and level of database access granted to employees based on the principle of least privilege. In this case, only approved employees have access to customer data. As part of our commitment to SOC 2 Type II compliance, we’ve implemented strict security controls to protect against unauthorized access to data.
Bubble SSO vs SSO Integration for End-users
With the Enterprise plan, we’ve introduced Bubble SSO, which allows an organization to secure member logins for the Bubble platform. This is different from the SSO integration for end-users via the WorkOS plugin or the API Connector, which remains a feature available on all plans.
GDPR Compliance on Bubble’s Main Cluster
We take the protection of your personal information seriously and have implemented measures designed to meet the standards of applicable data privacy laws, including the General Data Protection Regulation in the EU and the UK. These measures apply to all apps on any plan, including those on Bubble’s main cluster. It is ultimately up to each customer to decide if they want or need to go beyond that and store their data in the EU. We recommend that you consult a qualified legal professional for advice regarding specific regulatory compliance obligations relevant to your circumstances.
If you have any additional questions, please get in touch with our Sales team. Happy Bubbling!