Project Metamorphosis: Unveiling the next-gen event streaming platformLearn More
Contact Us

Trust & Security

Confluent's product offerings are designed to support the needs of our enterprise customers for security, compliance, and privacy. Our customers operate in many highly regulated industries including financial services, healthcare, government, energy, and high-tech. We support security platforms at major financial institutions for information security use cases including security event management and fraud detection and response. Our customers include many of the largest institutions throughout the United States, Asia, and Europe.

Security Controls

Confluent implements layered security controls designed to protect and secure Confluent Cloud customer data. We incorporate multiple logical and physical security controls including access management, least privilege, strong authentication, logging and monitoring, vulnerability management, bug bounty programs, and many others. To learn more about our Confluent Cloud security controls, please see the Security Whitepaper here.

Compliance

SOC 1

SOC 1 Type 2 is a regularly refreshed report that focuses on user entities' internal control over financial reporting. We currently offer SOC 1 Type 2 reports for Confluent Cloud and Confluent Platform. Contact your Account Executive or Sales Development Representative to request Confluent’s SOC 1 Type 2 report.

SOC 2

SOC 2 Type 2 is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality. We currently offer SOC 2 Type 2 reports for Confluent Cloud and Confluent Platform. Contact your Account Executive or Sales Development Representative to request Confluent’s SOC 2 Type 2 report.

SOC 3

SOC 3 is a general use report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality. We currently offer SOC 3 reports for Confluent Cloud and Confluent Platform. Click here to download the SOC 3 report for Confluent Cloud and click here for Confluent Platform

PCI DSS

The Payment Card Industry Data Security Standards (PCI DSS) is an information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. Customers shall not transmit cardholder or sensitive authentication data (as those terms are defined in the PCI DSS standards) unless such data is message-level encrypted by the customer. Confluent’s Attestation of Compliance (AOC) can be requested from your Account Executive or Sales Development Representative.

CSA Star Level 1

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA’s self-assessment tool is the Consensus Assessments Initiative Questionnaire (CAIQ). Confluent’s CAIQ can be found here.

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) provides a framework for Information Security Management Systems (ISMS) to support continued confidentiality, integrity, and availability of information. These certifications run for 3 years and have annual surveillance audits. Download Confluent’s ISO 27001 Certification.

European Financial Services Regulation (EBA)

Confluent has completed a cross-functional compliance initiative to evaluate Confluent Cloud in the context of the European Banking Authority’s (EBA) Guidelines on Outsourcing Arrangements (“EBA Guidelines), and has prepared the following documentation which presents its positions with regard to these:
  1. European Financial Services Regulatory Positions Statement
  2. EBA Outsourcing Guidelines - Confluent Cloud Offering Mapping
  3. EBA Financial Services Addendum (AWS) - Customer Requests for Documentation
  4. Confluent Cloud Services Agreement - Exit Assistance

Privacy

Confluent is committed to being transparent about the data we handle and how we handle it. Confluent’s Privacy Policy can be found here.

GDPR Readiness

The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA) and provides individuals rights with regard to their data. Confluent is committed to supporting our customers in their GDPR compliance efforts. Confluent’s Data Processing Addendum for Confluent Cloud customers can be found here.

CCPA Readiness

The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Confluent is committed to supporting its customers in their CCPA compliance efforts. Confluent's Data Processing agreement for Confluent Cloud customers addresses both GDPR and CCPA requirements and can be found here.

HIPAA Readiness

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates protecting the privacy and security of health information. Confluent can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with Confluent.

Bug bounty

Confluent is committed to working with industry experts and security researchers to ensure our products are the most secure they can be for our customers. Confluent partners with HackerOne in order to continuously improve our security posture. If you would like to be invited into our bug bounty program, please send a request to bugbounty@confluent.io.

System status

For high level availability information for the Confluent Cloud managed service visit our status page

This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising, and analytics partners.

Accept CookiesMore Information