Security and Compliance

Bigeye is built to industry-leading security standards and follows enterprise-grade practices to deliver data observability while protecting your data and ensuring compliance.

Security Feature | Service or Standard
--- | ---
Security Certification | SOC 2 Type 2 Report
Cloud Infrastructure Provider | AWS
Employee Background Checks | Checkr
SSO Provider | Auth0
Data Encryption | AES-256 at rest, TLS v1.2 or higher in transit
Issue Tracker | Linear
Web Application Vulnerability Protection | AWS WAF Security Automation

Architecture

Bigeye is a fully managed SOC 2-compliant SaaS application.

Database connections

Bigeye offers two setup options to connect your data source: a direct connection or an in-network agent. For the simplest setup, use a direct connection: you allow-list Bigeye's IP address, create a read-only service account in the data source, and add those credentials to Bigeye.

Alternatively, you can provision an agent in your network to allow Bigeye to connect to your data sources. This adds layers of security for your data source over a traditional direct connection. To learn more about connection options, see Connect to Bigeye: Data Sources.

Connections

Bigeye connects to data sources using read-only accounts via JDBC.

When you use a direct connection, credentials to your data sources are stored on Bigeye servers hosted in AWS, are encrypted at rest, and cannot be accessed by Bigeye engineers.

When you use a network agent connection, credentials to your data sources are stored on your infrastructure and never shared with Bigeye.

Encryption

  • Data at rest - Bigeye uses AWS-managed RDS, a third-party service that encrypts all of your data and metadata at rest. The cloud infrastructure uses the open standard AES-256 encryption to encrypt user and warehouse credentials.
  • Data in transit - Bigeye uses encrypted connections (HTTPS and TLS) to protect the contents of data in transit.

AWS PrivateLink

If you want to use a direct connection with extra security measures, connect Bigeye to your AWS Virtual Private Cloud via PrivateLink. This keeps all traffic between Bigeye and a data source internal to the AWS network and off public networks. PrivateLink for AWS is available as part of Bigeye Enterprise.

Access Controls

Bigeye admins have flexible control over user access in the application.

SSO

Secure Sign-In via Okta, Ping Identity, and Azure AD is available for Bigeye Enterprise customers.

Users, groups, and workspaces

Enterprises can organize their work in Bigeye using workspaces and groups to ensure that each team manages and monitors its data independently. To learn more, see Manage your Team.

Data permissions

Bigeye connects to your data with read-only service accounts on your data sources. Bigeye only sees data that the service account has access to, giving you total control over what data can be monitored. Only users who have manage access to a workspace can add, edit, and delete connections to your data sources.

Data Security

Bigeye signs the Master Software Agreement with the customer to ensure their data privacy as well as to protect the security of its application.

Aggregates

Bigeye only collects aggregated statistics, query logs, and metadata about your data to perform monitoring and anomaly detection. All of this collected data is extracted into Bigeye's cloud service, which ensures that your raw data never leaves your production environment.

Security measures

Bigeye uses reasonable and appropriate technical and organizational safeguards on its Services designed to protect the confidentiality, integrity, and availability of Customer Personal Data that may be in Bigeye's custody.

Security incident notification

If Bigeye becomes aware of a Security Incident, Bigeye shall notify the Customer without undue delay by email or, if email is unavailable, by phone.

Organization Information Security

Bigeye has a formal and approved information security program. It has defined internal policies and procedures to guide employees in data protection and privacy-related checks.

Privacy and security training

Bigeye employees engage in privacy and security training during onboarding and must take the training annually thereafter. All Bigeye personnel must acknowledge, electronically, that they have attended training and understand the security policy.

Hiring and termination policies

Bigeye follows documented procedures in response to changes in employment and/or termination, including the timely revocation of access and return of assets.

Background checks

All Bigeye employees have background checks run through an industry-standard third-party service, Checkr.

Confidentiality agreements

Bigeye requires all employees and contractors to sign an NDA as a condition of employment.

System Access and Authorization Control Policy

Access to account data is limited to a set of users according to their assigned responsibilities. Additionally, Bigeye has various tools to help keep all systems secure.

Access restrictions

Bigeye follows need-to-know principles and limits access to its systems to ensure that only its Information Security Team and Chief Technology Officer can access customer data during incident response processes.

Vulnerability scans

Bigeye conducts code reviews and performs vulnerability scans on all dependencies as part of its software engineering practices.

Data processing addendum

Bigeye can provide a DPA on request.

Penetration testing

Bigeye engages a third party to perform an annual penetration test over the application layers of the platform.

Acceptable use policy

Bigeye has a formally enforced Acceptable Use Policy for computer use that meets SOC 2 Type 2 Requirements.