Security and Compliance

Bigeye is built to industry-leading security standards. We follow enterprise-grade practices to deliver data observability while protecting your data and ensuring compliance.

Security Feature | Service or Standard
Security Certification | SOC 2 Type 2 Report
Cloud Infrastructure Provider | AWS
Employee Background Checks | Checkr
SSO Provider | Auth0
Data Encryption | AES-256 at rest, TLS v1.2 or higher in transit
Issue Tracker | Linear
Web Application Vulnerability Protection | AWS WAF Security Automation

Architecture

Bigeye is available as a fully managed SOC 2 compliant SaaS, a single-tenant SaaS, or a self-hosted application for enterprise teams.

  • Connections

Bigeye connects to data sources using read-only accounts via JDBC. Credentials to your data sources are stored on Bigeye servers hosted in AWS, are encrypted at rest, and cannot be accessed by Bigeye engineers.

  • Encryption

    • Data at rest - Bigeye uses AWS-managed RDS, a third-party service that encrypts all of your data and metadata at rest. Our cloud infrastructure uses the open standard AES-256 encryption to encrypt user credentials and warehouse credentials.
    • Data in transit - Bigeye uses encrypted connections (HTTPS and TLS) to protect the contents of data in transit.
  • Aggregates

Bigeye only collects aggregated statistics, query logs, and metadata about your data to perform monitoring and anomaly detection. All the data is extracted into Bigeye's cloud service, which ensures that data never leaves your production environment.

  • AWS PrivateLink

Bigeye can be connected to your AWS Virtual Private Cloud via PrivateLink if desired, which keeps all traffic between Bigeye and a data source internal to AWS's network and off public networks. PrivateLink for AWS is available as part of Bigeye Enterprise.

Access Controls

Manage team access with secure access and role-based permissions.

  • SSO

Secure Sign-In via Okta, Ping Identity, and Azure AD is available for Bigeye Enterprise customers.

  • Permissions

Bigeye connects to your data with read-only service accounts on your data sources. We only see data that the service account has access to, giving you total control over what data can be monitored. Only administrator-level users can add, edit, and delete connections to your data sources.

Organization Information Security

Bigeye has a formal and approved information security program. It has defined a set of internal policies and procedures to guide employees in data protection and privacy-related checks.

  • Privacy and security training

Bigeye employees engage in privacy and security training during onboarding and are required to take the training annually thereafter. All Bigeye personnel are required to acknowledge, electronically, that they have attended training and understand the security policy.

  • Hiring and termination policies

Bigeye follows documented procedures in response to changes in employment and/or termination, including the timely revocation of access and return of assets.

  • Background checks

All Bigeye employees have background checks run through an industry-standard third-party service, Checkr.

  • Confidentiality agreements

Bigeye requires all employees and contractors to sign an NDA as a condition of employment.

System Access & Authorization Control Policy

Access to account data is limited to a set of users based on their assigned responsibilities. Additionally, we have a variety of tools in place to help keep our systems secure.

  • Access restrictions

Bigeye follows need-to-know principles and limits access to its systems to ensure that only its Information Security Team and Chief Technology Officer can access customer data during incident response processes.

  • Vulnerability scans

Bigeye conducts code reviews and performs vulnerability scans on all dependencies as part of its software engineering practices.

  • Data processing addendum

Bigeye can provide a DPA on request.

  • Acceptable use policy

Bigeye has a formal and enforced Acceptable Use Policy for computer use that meets SOC 2 Type 2 requirements.

  • Penetration testing

Bigeye engages a third party to perform an annual penetration test over the application layers of the platform.

Data Security

Bigeye signs the Master Software Agreement with the customer to ensure their data privacy as well as to protect the security of its application.

  • Security measures

Bigeye uses reasonable and appropriate technical and organizational safeguards on its Services designed to protect the confidentiality, integrity, and availability of Customer Personal Data that may be in Bigeye's custody.

  • Security incident notification

If Bigeye becomes aware of a Security Incident, Bigeye shall notify the Customer without undue delay by email or, if email is unavailable, by phone.

  • Agent Model

By default, Bigeye uses an agentless model to connect to customer data sources—either through firewall whitelists, VPC peering, or SSH tunnels. For customer environments where an agentless connection is not feasible, either due to security requirements or environment-specific needs, we offer the Bigeye Agent.