Security Statement
We respect your privacy and make significant efforts to protect your data. We go to considerable lengths to ensure that all data sent to Bubbl.us is handled securely—keeping Bubbl.us secure is fundamental to our business. As you continue to learn more about Bubbl.us we recommend you also review our Terms of Service and Privacy Policy. The following is what we're doing to keep your data and our infrastructure safe.
System Architecture
Data encryption
All traffic on Bubbl.us runs over HTTPS, the most common and trusted communications protocol on the internet.
Physical security
Our information systems infrastructure is hosted on Amazon Web Services (AWS). AWS data centers are housed in nondescript facilities and employ strict safety measures to ensure data security.
Network protection
To provide rigorous access controls, we have both network layer (IP) and transport layer (TCP) firewalls that segregate network traffic between application tiers. Our network is built using Amazon's secure Virtual Private Cloud (VPC) technology, adding an extra layer of protection against intrusion.
Secure data centers
We have partnered with Amazon Web Services (AWS) to provide our web and data services because of their stringent security measures, which include compliance with the following certifications:
- SAS70 Type II audits
- Payment Card Industry (PCI) Data Security Standard (DSS)
- ISO 27001 certification
Disaster recovery and backups
Application database backups for Bubbl.us occur daily and are retained for seven days.
Regularly-updated infrastructure
Our software infrastructure is updated regularly with the latest security patches.
Content Security
Permission controls
By default, all your mind maps and files are private unless you share them. To provide technical support, an administrator of your account may grant Bubbl.us Support permission to access an account to resolve a specified issue.
Password authentication
Bubbl.us supports sign-on with a unique username and password or single sign-on with Google.
Only hashes of passwords are stored by our servers—never the passwords themselves.
Individual user identity is authenticated and re-verified with each transaction, using a unique token created at login.
Data Ownership
Whether it’s corporate intellectual property, personal information, or a homework assignment, Bubbl.us does not own the data. We do not use your data for advertising. The data you entrust to us remains yours.
Billing information
Stripe (https://stripe.com) powers the payment processing for thousands of businesses. We have partnered with Stripe to provide our payment processing because of their stringent security measures. Your billing information is not stored on our servers. All billing information is encrypted and passed directly to Stripe using a secure HTTPS connection. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available.