Project Metamorphosis: Unveiling the next-gen event streaming platform. Learn More

Trust & Security

Confluent's product offerings are designed to support the needs of our enterprise customers for security, compliance, and privacy. Our customers operate in many highly regulated industries including financial services, healthcare, government, energy, and high-tech. We support security platforms at major financial institutions for information security use cases including security event management and fraud detection and response. Our customers include many of the largest institutions throughout the United States, Asia, and Europe.

Security Controls

Confluent implements layered security controls designed to protect and secure Confluent Cloud customer data. We incorporate multiple logical and physical security controls including access management, least privilege, strong authentication, logging and monitoring, vulnerability management, bug bounty programs, and many others.

Compliance

SOC 1

SOC 1 Type 2 is a regularly refreshed report that focuses on user entities' internal control over financial reporting. We currently offer SOC 1 Type 2 reports for Confluent Cloud and Confluent Platform. Request Confluent’s SOC 1 Type 2 reports here.

SOC 2

SOC 2 Type 2 is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality. We currently offer SOC 2 Type 2 reports for Confluent Cloud and Confluent Platform. Request Confluent’s SOC 2 Type 2 reports here.

SOC 3

SOC 3 is a general use report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality. We currently offer SOC 3 reports for Confluent Cloud and Confluent Platform. Click here to download the SOC 3 report for Confluent Cloud and click here for Confluent Platform

PCI DSS

The Payment Card Industry Data Security Standards (PCI DSS) is an information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. Customers shall not transmit cardholder or sensitive authentication data (as those terms are defined in the PCI DSS standards) unless such data is message-level encrypted by the customer. Request Confluent’s Attestation of Compliance (AOC) here.

CSA Star Level 1

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA’s self-assessment tool is the Consensus Assessments Initiative Questionnaire (CAIQ). Confluent’s CAIQ can be found here.

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) provides a framework for Information Security Management Systems (ISMS) to support continued confidentiality, integrity, and availability of information. These certifications run for 3 years and have annual surveillance audits. Download Confluent’s ISO 27001 Certification. Request Confluent’s ISO 27001 Statement of Applicability (SoA) here.

European Financial Services Regulation (EBA)

Confluent has completed a cross-functional compliance initiative to evaluate Confluent Cloud in the context of the European Banking Authority’s (EBA) Guidelines on Outsourcing Arrangements (“EBA Guidelines), and has prepared the following documentation which presents its positions with regard to these:

Privacy

Confluent is committed to being transparent about the data we handle and how we handle it. Confluent’s Privacy Policy can be found here.

GDPR Readiness

The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA) and provides individuals rights with regard to their data. Confluent is committed to supporting our customers in their GDPR compliance efforts. Confluent’s Data Processing Addendum for Confluent Cloud customers can be found here.

CCPA Readiness

The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Confluent is committed to supporting its customers in their CCPA compliance efforts. Confluent's Data Processing agreement for Confluent Cloud customers addresses both GDPR and CCPA requirements and can be found here.

HIPAA Readiness

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates protecting the privacy and security of health information. Confluent can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with Confluent.

Bug bounty

Confluent is committed to working with industry experts and security researchers to ensure our products are the most secure they can be for our customers. Confluent partners with HackerOne in order to continuously improve our security posture. If you would like to be invited into our bug bounty program, please send a request to bugbounty@confluent.io.

System status

For high level availability information for the Confluent Cloud managed service visit our status page

Request Documentation

Show all

I have reviewed and agreed to the Non Disclosure Agreement(NDA)

Please add compliance@confluent.io to your trusted senders list to ensure you receive emails from us.
Some ad/script blockers may not play nice with the request form. You may need to disable them to ensure your request is successfully processed.
Only one document can be requested at a time. If you need to request multiple documents, please refresh the page.