Have a meeting with a large corporate client on Monday with their IT department. They want to talk about security and data privacy.
When asked, I’ve first explained AWS security: end-to-end security and SSL encryption, as I understand it. All our user data also has strong privacy visibility.
Is there anything else I should add when asked tough questions?
While Bubble uses AWS, which is SOC2 and ISO27001 compliant, any Bubble app you build will not be. Chances are they’ll want to discuss this.
Bubble is not enterprise-grade yet, but it’s a high priority on their roadmap.
Did they give you a questionnaire to fill out before the meeting?
SOC2 compliance is a priority for the Bubble team, but it is being pushed back. You can read April’s community update:
As mentioned last month, we are kicking off an overhaul of our network architecture and infrastructure organization with the goal of hardening our security posture and aiming for SOC2 compliance. We are shifting the focus of this work to prioritize reliability-related improvements ahead of the work that will get us to SOC2, so we may end up pushing the date back for SOC2.
You can also go through this doc to get an idea link