Cockroach Labs
Security and Trust Center

Your data. Our top priority.

We recognize that data is the beating heart of your business — and that security and compliance are paramount when adopting or maintaining any new technology.

CockroachDB’s native enterprise security capabilities and integrations allow you to safeguard your data with industry best practices. We implement a range of infrastructure security and data governance controls to adhere to stringent regional and industry compliance requirements.

Security of the highest standard

Native Security Capabilities

Manage security guardrails and operate confidently with built-in features.

Network Security

VPC Peering and PrivateLink

Secure network connectivity capabilities to avoid user-to-cluster traffic transiting the public network.

IP Allowlists

Configure specific source locations that could be used to access a cluster.

Identity and Access Management

Single Sign-On

Centralize authentication by integrating with common identity providers like Google, Okta, Active Directory, etc.

Role-Based Access Control

Set user permissions at the database or table level with fine-grained access control, down to the row and column level.

Data Protection & Privacy

Encryption at Rest

Use Customer Managed Encryption Keys to encrypt data files stored on your cluster disks and managed backups.

Encryption in Transit

Ensure data is secure in transit with TLS connections.

Data Masking

Mask or anonymize sensitive data beyond full data encryption.

Auditing and Logging

Comprehensive and configurable audit logging

Keep track of when and by whom your data is accessed for compliance purposes.

Compliance Certifications

Meet compliance standards required of many industries.

SOC Type 2

Cockroach Labs annually certifies its systems to meet AICPA SOC 2 Type II, which audits the operational and security processes of our service and our company.

PCI DSS

CockroachDB dedicated has been certified against PCI-DSS SAQ-A requirements, which allow storage of cardholder data. We are in the process of satisfying more stringent SAQ-D requirements.

Privacy

We're committed to being transparent about our privacy practices. Below are links to documentation about our approach.

Data Processing Addendum (DPA)

Since June 4, 2021, Cockroach Labs’ DPA relies on Standard Contractual Clauses to address Privacy Shield invalidation on July 16, 2020.