[Webinar] Kafka Re-Architected for the Cloud with Kora Engine → Register Today!

Trust & Security

Confluent's product offerings are designed to support the needs of our enterprise customers for security, compliance, and privacy. Learn More

Enterprise-grade Security

Confluent implements layered security controls designed to protect and secure Confluent customer data. To learn more about our Confluent security controls please visit our Security Portal where you may view our Security Whitepaper, request compliance certifications (ISO, SOC 2), and more.

Ensure Data Confidentiality

Confluent Cloud is uncompromising when it comes to data security. It secures your data through encryption at rest and in transit, and offers additional options,, including BYOK encryption and private networking connectivity.

  • Encrypt data at rest with Bring Your Own Key (BYOK) options
  • Data-in-motion encryption
  • Secure private network connectivity

Control Identity and Access Management

Confluent offers rich Identity and Access Management controls that helps you manage and monitor where and who accesses the data.

Bug Bounty

Confluent is committed to working with industry experts and security researchers to ensure our products are the most secure they can be for our customers. Please note that our bug bounty program is currently invitation-only and we do not add researchers based on undisclosed issues. If you have found a security impacting issue, we encourage you to share your findings with us at security@confluent.io. Based on the nature of the issue and the quality of the report, you could potentially be eligible to join the program.

Penetration Testing

Confluent employs a third party security firm to perform Security, Vulnerability, and Penetration testing for all our products. These are run at least annually and findings are remediated according to their criticality and prioritization. Confluent's penetration and security assessment test summaries can be requested.

Compliance

Confluent's customers operate in many highly regulated industries including financial services, healthcare, government, energy, and high-tech. Confluent's built-in compliance covers many federal and international regulations as well industry specific mandates

SOC 1

SOC 1 Type 2 is a regularly refreshed report that focuses on user entities' internal control over financial reporting. We currently offer SOC 1 Type 2 reports for Confluent Cloud and Confluent Platform. Request Confluent's SOC 1 Type 2 reports.

SOC 2

SOC 2 Type 2 is a regularly refreshed report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality. We currently offer SOC 2 Type 2 reports for Confluent Cloud and Confluent Platform. Request Confluent's SOC 2 Type 2 reports.

SOC 3

SOC 3 is a general use report that focuses on non-financial reporting controls as they relate to security, availability, and confidentiality. We currently offer SOC 3 reports for Confluent Cloud and Confluent Platform. Download the SOC 3 report for Confluent Cloud and Confluent Platform

PCI DSS

The Payment Card Industry Data Security Standards (PCI DSS) is an information security standard designed to ensure that companies processing, storing, or transmitting payment card information maintain a secure environment. Customers shall not transmit cardholder or sensitive authentication data (as those terms are defined in the PCI DSS standards) unless such data is message-level encrypted by the customer. Request Confluent's Attestation of Compliance (AOC).

CSA Star Level 1

The Cloud Security Alliance (CSA) is the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA's self-assessment tool is the Consensus Assessments Initiative Questionnaire (CAIQ).

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) provides a framework for Information Security Management Systems (ISMS) to support continued confidentiality, integrity, and availability of information. These certifications run for 3 years and have annual surveillance audits. Download Confluent's ISO 27001 Certification. Request Confluent's ISO 27001 Statement of Applicability (SoA).

Financial Services Regulation Compliance

Confluent has carried out a cross-functional stakeholder compliance initiative to evaluate its Confluent Cloud offering in the context of EMEA Financial Services Regulations, in particular the European Banking Authority’s (EBA) Guidelines on Outsourcing Arrangements (“EBA Guidelines”) as well as other Financial Services and Insurance (“FSI”) regulatory frameworks throughout the world, and has prepared the following suite of documentation which presents its positions with regard to these:

  1. Confluent Cloud - European Regulatory Positions Statement (EBA)
  2. Confluent Cloud Offering Mapping - EBA Outsourcing Guidelines
  3. AWS - EBA Financial Services Addendum - Summary and Customer Requests for Documentation
  4. Microsoft Customer Agreement - Confluent ISV Financial Services Amendment (EBA) - Summary and Requests for Documentation
  5. Confluent Cloud Services Agreement - Exit Assistance

TISAX

The ENX Association supports the Trusted Information Security Assessment Exchange (TISAX) on behalf of the German Association of the Automotive Industry (VDA). The TISAX Assessments are conducted by accredited audit providers that demonstrate their qualification at regular intervals. TISAX and TISAX results are not intended for the general public. The result (Scope-ID: S4PCMP; Assessment-ID: AV56AB-2) is exclusively available on request over the ENX Portal.

HITRUST

The HITRUST Common Security Framework (CSF) is a certifiable framework that leverages internationally accepted standards and frameworks-including ISO, NIST, HIPAA, GDPR, and PCI–to help healthcare organizations and their providers demonstrate their security and compliance. The certification is refreshed annually and focuses on implementation, for greater assurance that control requirements are in place and operating as intended.

Download Confluent’s Letter of HITRUST Implemented, 1-year (i1) Certification here.

Privacy

Confluent is committed to being transparent about the data we handle and how we handle it. See Confluent's Privacy Policy.

ISO 27701

The International Organization for Standardization 27701:2019 Standard (ISO 27701) provides an international framework for managing privacy information in relation to the processing of personal data. This international standard is designed to help organizations comply with privacy laws and regulations, including the General Data Protection Regulation (GDPR), which is the EU’s comprehensive data protection regulation. These certifications run for 3 years and have annual surveillance audits. Download Confluent’s ISO 27701 Certification.

GDPR Readiness

The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA) and provides individuals rights with regard to their data. Confluent is committed to supporting our customers in their GDPR compliance efforts. See Confluent Cloud Data Processing Addendum.

CCPA Readiness

The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. Confluent is committed to supporting its customers in their CCPA compliance efforts. The Confluent Cloud Data Processing Addendum addresses both GDPR and CCPA requirements.

HIPAA Readiness

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates protecting the privacy and security of health information. Confluent can support HIPAA-related customer data after a Business Associate Agreement (BAA) has been properly executed with Confluent.

LGPD Readiness

The Lei Geral de Proteção de Dados Pessoais (LGPD) is a comprehensive data protection law in Brazil that aims to safeguard the privacy rights of individuals by regulating the collection, processing and storage of personal data. Confluent is committed to supporting its customers in their LGPD compliance efforts. Confluent’s LGPD Addendum for Confluent Cloud addresses material requirements of the LGPD.

FAQs - Data Transfers in Connection to Confluent Cloud

Confluent is closely monitoring the developments in the privacy sphere. Confluent's Privacy Team has gathered and replied to frequently asked questions of clients when it comes to data transfers outside of the EEA in connection to Confluent Cloud.

Confluent Guidelines for Law Enforcement

We believe customers deserve to understand our practices for responding to Third Party Authority Requests. The Confluent Guidelines for Law Enforcement outlines such practices, as well as inform Third Party Authorities about the process for requesting Customer Data from Confluent.

Transparency Report

Once per year Confluent publishes the Transparency Report, which outlines the number of requests for Customer Data received by Confluent from Third-Party Authorities. Up to December 31st, 2022, Confluent has not received any Third-Party Authority Request.

Reliability

Confluent maintains Kafka clusters and data streams with 99.99% Uptime SLA, zero downtime and global availability

Leverage world-class expertise in Apache Kafka©

Confluent uses >3 million hours of expertise, operate >10,000 cloud-native Apache Kafka clusters and has a world class team for support, professional services, and training

Confluent Support

Kafka expertise at your fingertips

View now

Professional Services

Advisory services to accelerate your Kafka adoption

View now

Training

Access to hands-on training and certifications

Watch

Community

Meet fellow streamers across the globe

Join

SafeBase

Confluent's compliance and security documentation are available upon request on our Security Portal.