Introducing SOC 2 and Bubble for Enterprise

Update: Please see my most recent post in the comments, which addresses frequently asked questions.

Hi everyone,

My name is Fabian, and I lead the Sales team here at Bubble. I’m here with some very exciting updates.

If you’ve been reading Josh’s community updates over the past few months, you know that we have been working hard toward obtaining Bubble’s official SOC 2 Type II report. Today, we’re thrilled to share that those efforts were successful!

In tandem with this good news, we’re also excited to introduce Bubble for Enterprise. We have always been — and will always be — fiercely committed to enabling companies of any size to build and scale production-grade applications, from solo-founders to Fortune 500 companies. Bubble for Enterprise, which allows us to better serve our large and growing users, is the natural next step in that journey.

Here’s a bit more on each of these exciting things:

New standards for security

The update we’re most excited to celebrate with all of you is Bubble’s compliance with SOC 2 Type II. Developed by the American Institute of CPAs (AICPA), SOC 2 is a compliance framework that defines criteria for managing customer data. An independent auditor verified that our information security practices, policies, procedures, and operations meet the rigorous SOC 2 standard for security.

Our first ever SOC 2 Type II report is a major milestone for Bubble! We heard from you, time and time again, that SOC 2 is something you, your end-users, your investors, and your clients care about. So in the last year, we made obtaining SOC 2 a top priority. Now, everyone on Bubble can rest assured that their users’ data is protected with the most rigorous industry-standard security practices.

We’ve also taken steps to further our commitment to GDPR compliance. Anyone building on Bubble can take advantage of our platform’s capabilities to meet your GDPR obligations.

Bubble for Enterprise

You can get all the details about our new Enterprise plan in our most recent blog post. But in short, this is the evolution of our legacy Custom plan with new features including:

  • Single sign-on to Bubble’s platform and admin-level controls, so you can secure your team’s login credentials and control who can access which of your company’s apps
  • Centralized billing and account management, so you can share server resources across apps and send invoices to a single administrator

Ultimately, Bubble for Enterprise reinforces that no-code is secure and scalable. That’s good not just for large companies, but also for founders growing their user base, founders pitching to VCs, agencies pitching to major clients, and more.

But also, some of you are building large and complex apps with millions of page views every week and hundreds of thousands of active users. Our pricing plans are designed to grow with you, and with the introduction of the Enterprise plan, we have a full structure in place. That means we can focus on delivering more value on every plan as we continue to improve our product.

For more information, we encourage you to read the blog post and check out our technical documentation. Bubble Developer Petter Amlie also does a great job covering security features in The Ultimate Guide to Bubble Security. And as always, our Sales team is the best point of contact for Enterprise plan inquiries.

Thanks as always for your continued support!

— Fabian and the Bubble team


Awesome news team, and congrats on getting the SOC 2 report :raised_hands: this is a huge win for agencies, freelancers, and app owners who have run into the “compliance road block” from potential clients and investors. No more!


Amazing job, team! I can’t wait to see the new bubble apps created by enterprises!


Allright things are getting more exciting by the day now. Awesome job and congratulations!

1 Like

This is impressive, hopefully this will open the doors to larger projects :slight_smile:

1 Like

That is awesome!! Congrats :partying_face:

1 Like

An amazing milestone.

Congratulations team Bubble!



Great…does the enterprise plan afford the opportunity to choose a dedicated server host region?

Any plans to allow Enterprise to run on its own instance or will that still be available only by going up to the full dedicated plan?

On this front, has there been any change on the fact that some Bubble employees can get unrestricted access to an app’s data (reference:

That was a long while ago and Josh said it was going to change but I’ve never seen evidence of an opt-in protocol. Just seems like a big vulnerability if a disgruntled Bubble employee could access any app’s data without authorisation from the owner :slight_smile:

If anyone can find an update on this let me know…

I am wondering, how can we be compliant with GDPR in the Growth plan, without being able to store the app data in EU?

1 Like

AMAZING!!! Congrats!

1 Like

For dedicated, you can already choose where to host…


Sounds great.

1 Like

This is fantastic! We’ve been wanting to target Enterprise clients and now we have the tools to do that.

1 Like

Solid job Bubble Team! This is great news. A giant step forward for Bubble and all of us users who entrust and believe in the Bubble Platform with our data and front facing client apps.


@fabian.keim, with the SSO feature, could an Enterprise SAAS app enable users from Company A to login with their Company A SSO and users from Company to do likewise with theirs etc, all on the same database? So a bit like the social logins plugins?

Or is this geared more towards internal enterprise apps?

Great work!

1 Like


1 Like

Does this mean Bubble employees can’t see our app’s database data anymore? Or was that a different compliance standard for medical healthcare related stuff? I am very unfamiliar in this field but just curious.

1 Like