Live demo: Kafka streaming in 10 minutes on Confluent | Watch now

Trust & Security

Confluent's product offerings are designed to support the needs of our enterprise customers for security, compliance, and privacy. Learn More

Enterprise-grade Security

Confluent implements layered security controls designed to protect and secure Confluent customer data. To learn more about our Confluent security controls please visit our Security Portal where you may view our Security Whitepaper, request compliance certifications (ISO, SOC 2), and more.

Ensure Data Confidentiality

Confluent Cloud is uncompromising when it comes to data security. It secures your data through encryption at rest and in transit, and offers additional options,, including BYOK encryption and private networking connectivity.

  • Encrypt data at rest with Bring Your Own Key (BYOK) options
  • Data-in-motion encryption
  • Secure private network connectivity

Control Identity and Access Management

CConfluent offers rich Identity and Access Management controls that helps you manage and monitor where and who accesses the data.

Bug Bounty

Confluent is committed to working with industry experts and security researchers to ensure our products are the most secure they can be for our customers. Please note that our bug bounty program is currently invitation-only and we do not add researchers based on undisclosed issues. If you have found a security impacting issue, we encourage you to share your findings with us at bugbounty@confluent.io. Based on the nature of the issue and the quality of the report, you could potentially be eligible to join the program.

Penetration Testing

Confluent employs a third party security firm to perform Security, Vulnerability, and Penetration testing for all our products. These are run at least annually and findings are remediated according to their criticality and prioritization. Confluent's penetration and security assessment test summaries can be requested.

Compliance

Confluent's customers operate in many highly regulated industries including financial services, healthcare, government, energy, and high-tech. Confluent's built-in compliance covers many federal and international regulations as well industry specific mandates

SOC 1

SOC 1 Type 2 is a regularly refreshed report that focuses on user entities' internal control over financial reporting. We currently offer SOC 1 Type 2 reports for Confluent Cloud and Confluent Platform. Request Confluent's SOC 1 Type 2 reports.

SOC 2

SOC 2 Type 2 is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality. We currently offer SOC 2 Type 2 reports for Confluent Cloud and Confluent Platform. Request Confluent's SOC 2 Type 2 reports.

SOC 3

SOC 3 is a general use report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality. We currently offer SOC 3 reports for Confluent Cloud and Confluent Platform. Download the SOC 3 report for Confluent Cloud and Confluent Platform

PCI DSS

The Payment Card Industry Data Security Standards (PCI DSS) is an information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. Customers shall not transmit cardholder or sensitive authentication data (as those terms are defined in the PCI DSS standards) unless such data is message-level encrypted by the customer. Request Confluent's Attestation of Compliance (AOC).

CSA Star Level 1

The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA's self-assessment tool is the Consensus Assessments Initiative Questionnaire (CAIQ).

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) provides a framework for Information Security Management Systems (ISMS) to support continued confidentiality, integrity, and availability of information. These certifications run for 3 years and have annual surveillance audits. Download Confluent's ISO 27001 Certification. Request Confluent's ISO 27001 Statement of Applicability (SoA).

Financial Services Regulation Compliance

Confluent has carried out a cross-functional stakeholder compliance initiative to evaluate its Confluent Cloud offering in the context of EMEA Financial Services Regulations, in particular the European Banking Authority’s (EBA) Guidelines on Outsourcing Arrangements (“EBA Guidelines”) as well as other Financial Services and Insurance (“FSI”) regulatory frameworks throughout the world, and has prepared the following suite of documentation which presents its positions with regard to these:

  1. Confluent Cloud - European Regulatory Positions Statement (EBA)
  2. Confluent Cloud Offering Mapping - EBA Outsourcing Guidelines
  3. AWS - EBA Financial Services Addendum - Summary and Customer Requests for Documentation
  4. Microsoft Customer Agreement - Confluent ISV Financial Services Amendment (EBA) - Summary and Requests for Documentation
  5. Confluent Cloud Services Agreement - Exit Assistance

TISAX

The ENX Association supports the Trusted Information Security Assessment Exchange (TISAX) on behalf of the German Association of the Automotive Industry (VDA). The TISAX Assessments are conducted by accredited audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for the general public. The result (Scope-ID: S4PCMP; Assessment-ID: AV56AB-2) is exclusively available on request over the ENX Portal.

Privacy

Confluent is committed to being transparent about the data we handle and how we handle it. See Confluent's Privacy Policy.

CCPA Readiness

The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Confluent is committed to supporting its customers in their CCPA compliance efforts. Confluent's Data Processing agreement for Confluent Cloud customers addresses both GDPR and CCPA requirements.

HIPAA Readiness

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates protecting the privacy and security of health information. Confluent can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with Confluent.

FAQs - Data Transfers in Connection to Confluent Cloud

Confluent is closely monitoring the developments in the privacy sphere. Confluent's Privacy Team has gathered and replied to frequently asked questions of clients when it comes to data transfers outside of the EEA in connection to Confluent Cloud.

Reliability

Confluent maintains Kafka clusters and data streams with 99.99% Uptime SLA, zero downtime and global availability

Leverage world-class expertise in Apache Kafka©

Confluent uses >3 million hours of expertise, operate >10,000 cloud-native Apache Kafka clusters and has a world class team for support, professional services, and training

Confluent Support

Kafka expertise at your fingertips

View now

Professional Services

Advisory services to accelerate your Kafka adoption

View now

Training

Access to hands-on training and certifications

Watch

Community

Meet fellow streamers across the globe

Join

SafeBase

Confluent's compliance and security documentation are available upon request on our Security Portal.