Security and Compliance

Secure at every step of the process

Cloud security is important for the protection of hosted information. Even small gaps in security coverage can put everything at risk, including data, customer information, uptime, and potentially a company’s reputation. A certain amount of confidence is needed when relying on third-party vendors to manage and handle your data. This is exactly why we prioritize security above everything else.


We comply with the European General Data Protection Regulation (GDPR). Read more about ElephantSQL and GDPR


We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Our HIPAA compliance is audited by an external party on an annual basis together with our compliance with SOC 2 type 2.

If you need to sign a BAA, please send an email to

SOC 2 Type 2

We are proud to be compliant with SOC 2 by AICPA. We have been audited against the Security (common criteria) and Availability Trust Services Criteria.

Our SOC 2 Type 2 report can be obtained under an NDA per request. Please send an email to

Information Security Program

Our Information Security Program includes all security policies and defines our organization-wide approach to system and data protection. Among other things, the program includes how the service is designed and developed, how the system is operated, how the internal systems and networks are managed, and how employees are hired and trained.

Patch Management

We automatically handle security updates based on advisory for our servers and associated devices.

End-to-End Data Encryption

To secure data in transit, we enforce TLS. Clients have the option to enable TLS to and from the application to ensure secure transit between ElephantSQL and their application.

Instance Isolation

Instances are isolated from each other on a network level. Policies enforce deny-all-by-default security to instances.

People Operations

Customer data access is limited to specific employees at ElephantSQL. All employees undergo pre-employment background checks and participate in annual Security Awareness training, as well as Compliance & Policy training.

Security Policy

For more information, please read our security policy which demonstrates our commitment to information security.