Cloud security is important for the protection of hosted information. Even small gaps in security coverage can put everything at risk, including data, customer information, uptime, and potentially a company’s reputation. A certain amount of confidence is needed when relying on third-party vendors to manage and handle your data. This is exactly why we prioritize security above everything else.
We comply with the European General Data Protection Regulation (GDPR). Read more about ElephantSQL and GDPR
We comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Our HIPAA compliance is audited by an external party on an annual basis together with our compliance with SOC 2 type 2.
If you need to sign a BAA, please send an email to legal@elephantsql.com
We are proud to be compliant with SOC 2 by AICPA. We have been audited against the Security (common criteria) and Availability Trust Services Criteria.
Our SOC 2 Type 2 report can be obtained under an NDA per request. Please send an email to compliance@elephantsql.com
Our Information Security Program includes all security policies and defines our organization-wide approach to system and data protection. Among other things, the program includes how the service is designed and developed, how the system is operated, how the internal systems and networks are managed, and how employees are hired and trained.
We automatically handle security updates based on advisory for our servers and associated devices.
To secure data in transit, we enforce TLS. Clients have the option to enable TLS to and from the application to ensure secure transit between ElephantSQL and their application.
Instances are isolated from each other on a network level. Policies enforce deny-all-by-default security to instances.
Customer data access is limited to specific employees at ElephantSQL. All employees undergo pre-employment background checks and participate in annual Security Awareness training, as well as Compliance & Policy training.
For more information, please read our security policy which demonstrates our commitment to information security.