Yugabyte Security and Trust Center
Yugabyte Compliance Certifications and Authorizations
Our primary security/privacy objectives include being compliant with all the major security and compliance certifications and authorizations that our customers require, and to enable their compliance. We’re well on our way with that journey, and have established a security program based on the ISO 27001 security framework and audited by an independent accounting firm using the SSAE18 SOC 2 standards.
Yugabyte is working towards receiving a variety of industry-standard certifications and authorizations, and will update this list as we achieve different certifications and authorizations.
- SOC 2 Type 1: We received our SOC 2 Type 1 in February 2022 and are currently in the audit period for our SOC 2 Type 2. Interested organizations can receive our SOC 2 Type 1 Report by emailing us at [email protected].

While Yugabyte products cannot meet every regulatory requirement, Yugabyte has embedded capabilities into its products that can help customers work in accordance with the following compliance requirements:
- GDPR: Yugabyte features can help our customers meet their own GDPR compliance requirements. You can learn more about using YugabyteDB to help you achieve compliance with GDPR here.

- Subprocessors. We maintain a current list of companies authorized to process Customer Personal Information for YugabyteDB Managed, including the Subprocessor’s address, description of services provided and the lawful transfer mechanism.
- Data Processing Addendum. We incorporate a Data Processing Addendum into our YugabyteDB Managed Terms of Service that describes our technical and organizational measures meant to meet applicable data protection obligations.