Trust Center

Your data.

Our top priority.

We recognize that data is the beating heart of your business — and that security and compliance are paramount when adopting or maintaining any new technology.

CockroachDB’s native enterprise security capabilities and integrations allow you to safeguard your data with industry best practices. We implement a range of infrastructure security and data governance controls to adhere to stringent regional and industry compliance requirements.

Native Security Capabilities

Manage security guardrails and operate confidently with built-in features.

Compliance Certifications

Network Security

Identity and Access Management

Data Protection and Privacy

Auditing and Logging

SOC 2 Type II

Cockroach Labs annually certifies its systems to meet AICPA SOC 2 Type II, which audits the operational and security processes of our service and our company.

PCI DSS

CockroachDB Dedicated has been certified against PCI-DSS SAQ-A and SAQ-D requirements, which indicate we safely handle credit card and payment data.

HIPAA

CockroachDB Dedicated is HIPAA-ready to safely store PHI data, as determined by an annual third-party risk assessment that evaluates the service against HIPAA’s security and breach notification rules.

Federal Information Processing Standard (FIPS) 140-2

Address FIPS requirements with a FIPS-ready binary for CockroachDB Self-hosted.

ISO 27001 & 27017

Cockroach Labs is certified ISO 27001 & 27017 compliant and is dedicated to securing customers' valuable information.

Privacy

We're committed to being transparent about our privacy practices. Below are links to documentation about our approach.

Since June 4, 2021, Cockroach Labs’ DPA relies on Standard Contractual Clauses to address Privacy Shield invalidation on July 16, 2020.

Talk to Sales

Reach out to schedule time with a CockroachDB expert to discuss your needs.