First, a quick heads-up
Bubbles is SOC 2 Type II certified, meaning an independent auditor has verified our controls across security, availability, confidentiality, processing integrity, and privacy.
All customer data is encrypted both in transit and at rest.
We continuously monitor, test, and improve our security practices.
Visit our security page for more information.
Compliance and certifications
SOC 2 Certified: external audit of security and privacy controls
Hosted on AWS: infrastructure provider with ISO 27001, SOC 1/2/3, HIPAA certifications
Infrastructure and data protection
Encryption: TLS for data in transit, AES-256 for data at rest
Access controls: Role-based permissions and admin-managed access
Audit logs: Every action is logged for accountability
Good to know
Security is built into every layer of the platform, from infrastructure to development.
Customers with compliance needs (GDPR, DPA, SOC 2 reports) can request documentation from support.
While not CMMC certified today, our security posture already overlaps with many of its requirements.
Still stuck?
If you have any security concerns, email hello@usebubbles.com with your request and workspace name. Our team will provide the details you need.