Security and Compliance
Bigeye is built to industry-leading security standards. We follow enterprise-grade practices to deliver data observability while protecting your data and ensuring compliance.
Security Feature | Service or Standard |
---|---|
Security Certification | SOC 2 Type 2 Report |
Cloud Infrastructure Provider | AWS |
Employee Background Checks | Checkr |
SSO Provider | Auth0 |
Data Encryption | AES-256 at rest, TLS v1.2 or higher in transit |
Issue Tracker | Linear |
Web Application Vulnerability Protection | AWS WAF Security Automation |
Architecture
Bigeye is available as a fully managed SOC 2 compliant SaaS, a single-tenant SaaS, or a self-hosted application for enterprise teams.
- Connections
Bigeye connects to data sources using read-only accounts via JDBC. Credentials to your data sources are stored on Bigeye servers hosted in AWS, are encrypted at rest, and cannot be accessed by Bigeye engineers.
-
Encryption
- Data at rest - Bigeye uses the third-party AWS-managed RDS that encrypts all of your data and metadata at rest. Our cloud infrastructure uses the open standard AES-256 encryption to encrypt user credentials and warehouse credentials.
- Data in transit - Bigeye uses encrypted connections (HTTPS and TLS) to protect the contents of data in transit.
-
Aggregates
Bigeye only collects aggregated statistics, query logs, and metadata about your data to perform monitoring and anomaly detection. All the data is extracted into its cloud service, which ensures that data never leaves your production environment.
- AWS PrivateLink
Bigeye can be connected to your AWS Virtual Private Cloud via Privatelink if desired, which keeps all traffic between Bigeye and a data source internal to AWS' network and off of public networks. PrivateLink for AWS is available as part of Bigeye Enterprise.

Access Controls
Manage team access with secure access and role-based permissions.
- SSO
Secure Sign-In via Okta, Ping Identity, and Azure AD is available for Bigeye Enterprise customers.
- Permissions
Bigeye connects to your data with read-only service accounts on your data sources. We only see data that the service account has access to, giving you total control over what data can be monitored. Only administrator-level users can add, edit, and delete connections to your data sources.
Organization Information Security
Bigeye has a formal and approved information security program. It has defined a set of internal policies and procedures to guide employees in data protection and privacy-related checks.
- Privacy and security training
Bigeye employees engage in privacy and security training during onboarding and are required to take the training annually thereafter. All Bigeye personnel is required to acknowledge, electronically, that they have attended training and understand the security policy.
- Hiring and termination policies
Bigeye follows documented procedures in response to changes in employment and/or termination, including the timely revocation of access and return of assets.
- Background checks
All Bigeye employees have background checks run through an industry-standard third-party service, Checkr.
- Confidentiality agreements
Bigeye requires all employees and contractors to sign an NDA as a condition of employment.
System Access & Authorization Control Policy
Access to account data is limited to a set of users with their assigned responsibilities. Additionally, we have a variety of tools in place to help keep our systems secure.
- Access restrictions
Bigeye follows need-to-know principles and limits access to its systems to ensure that only its Information Security Team and Chief Technology Officer can access customer data during incident response processes.
- Vulnerability scans
Bigeye conducts code reviews and performs vulnerability scans on all dependencies as part of its software engineering practices.
- Data processing addendum
Bigeye can provide a DPA on request.
-
Bigeye has a formal and enforced Acceptable Use Policy for computer use that meets SOC 2 Type 2 Requirements.
-
Penetration testing
Bigeye engages a third party to perform an annual penetration test over the application layers of the platform.
Data Security
Bigeye signs the Master Software Agreement with the customer to ensure their data privacy as well as to protect the security of its application.
- Security measures
Bigeye uses reasonable and appropriate technical and organizational safeguards on its Services designed to protect the confidentiality, integrity, and availability of Customer Personal Data that may be in Bigeye's custody.
- Security incident notification
If Bigeye becomes aware of a Security Incident, Bigeye shall notify the Customer without undue delay by email or, if the email is unavailable, by phone.
- Agent Model
By default, Bigeye uses an agentless model to connect to customer data sources—either through firewall whitelists, VPC peering, or SSH tunnels. For customer environments where an agentless connection is not feasible, either due to security requirements or environment-specific needs, we offer the Bigeye Agent.
Updated 3 months ago