Rollbar is fully compliant with stringent industry standards
Rollbar has received its SOC 2 Type 1 and Type 2 compliance certifications.
Rollbar is fully HIPAA and HITECH Act compliant, and will sign Business Associate Agreements with you.
Rollbar is certified ISO27001 compliant through independent third-party audit and attestation.
Rollbar fully complies with EU GDPR and will sign a Data Processing Agreement with you.
We're always working to improve our security features, policies, and procedures
Security & Compliance policy
Independent testing and internal audits are conducted regularly
We conduct regular security training that meets HIPAA standards
We have a responsible disclosure policy for vulnerabilities found
Procedures are in place in the event of service disruptions and disasters
All data is encrypted at the application level with AES-256-GCM
SAML-based SSO, two-factor authentication, and policy-based access
Comprehensive and auditable logs of user activities
PII, PHI, and PCI data filtering and removal, and custom data retention periods
Our data center, where data is stored and encrypted at rest, is located in Iowa, USA, and is operated by Google Cloud Platform, which is compliant with standards including AICPA SOC 2 and SOC 3. We also use a global PoP network for a fast and reliable experience.
Yes, you have the option to have Rollbar sign a BAA with you to ensure that we, as your business partner with access to PHI, are HIPAA-compliant. We offer a standard BAA as an add-on to existing paid plans, or a custom BAA as part of the Enterprise plan. Please contact Sales to learn more.
Yes. To maintain PCI-DSS compliance, you can use our SDKs to filter credit card numbers automatically. We encrypt data at rest and store it in SOC 2-compliant data centers.
"Rollbar allows us to go from alerting to impact analysis and resolution in a matter of minutes. Without it we would be flying blind."