Tinybird fully complies with GDPR regulations, with all related requests handled via our support.
Tinybird is SOC 2 Type 2 compliant. Our SOC 2 report is available to all customers on our Enterprise plan.
Our HIPAA compliance report is available to all customers.
All customer databases are continuously backed up to highly durable storage. Point-In-Time Recovery (PITR) is available to all database services.
Tinybird runs all services on AWS, Google, and Microsoft data centers, which have some of the highest levels of security and reliability available.
Engineering review for security best practices, making sure your Tinybird deployment is secure from unauthorized access, data breaches, and other security threats.
Software developed by Tinybird is constantly analyzed by static analysis security tools. Code is reviewed as changes are proposed and security design reviews take place as needed.
SSO/SAML authentication is available to all Enterprise customers.
Tinybird requires industry-standard Transport Layer Security (versions 1.2+) encryption for all connections. All database services support client certificate verification modes. Critical internal traffic is protected by mutual TLS.
Tinybird keeps the list of data subprocessors updated in the Terms of Service.
Tinybird offers secure Multi-Factor Authentication (or 2FA) for all customers.
Support is fully staffed 24x7 globally, with SLOs based on issue severity. Contact us for any support and operations requests you have.
Tinybird regularly collaborates with external security audit firms to assess our security posture and intrusion detection capabilities.
All data volumes, including backups, are encrypted at rest with unique keys specific to each service, and keys are automatically rotated at a regular cadence.
Tinybird uses 24/7 on-call rotations with internal escalations to monitor all systems. Subscribe to our status page for system wide alerts.
Credit card payments are processed through Stripe without storing personal credit card information. Corporate invoicing is also available to Enterprise Tier customers. Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.