Security

Security and privacy are our highest priorities

At Bonsai, security and privacy are always a top concern. We are constantly evaluating the service and our vendors for vulnerabilities and flaws, and we will immediately address anything that could put our customers at risk.

To answer a number of frequently asked questions about how we keep your data secure, we published a blog entry, Six Important Facts about Bonsai Security, which remains up to date.

The highlights are:

Access controls

All Bonsai clusters are provisioned with a unique, randomized URL and have HTTP Basic Authentication enabled by default, using a randomly generated set of credentials. Under this scheme, it would take the world’s fastest supercomputer around 23.5 quadrillion years to guess the credentials.

Encrypted communications

All Bonsai clusters support SSL/TLS for encryption in transit. We use industry-standard strength encryption to ensure your data is safe over the wire.

Encrypted at rest

Bonsai clusters are provisioned on hardware that is encrypted at rest by default. In addition to Amazon’s physical security controls, this means your data is safe from physical theft.

Regular Snapshots

All paid Bonsai clusters receive regular snapshots, which are stored in an offsite, encrypted S3 bucket in the same region as the cluster.

Firewalled

All Bonsai clusters are accessed via a custom-built, high-performance layer 7 routing proxy, and sit behind a tightly controlled firewall. This helps to ensure that the cluster and data are protected from port scans and unauthorized persons.

Advanced Networking

Bonsai can support IP whitelisting and VPC Peering for users on single tenant clusters.

24/7, 365 Operational coverage for all clusters.

Bonsai monitors its infrastructure 24 hours a day, 365 days a year. The Operations Team is automatically alerted to any problems in real time, and one or more engineers then respond to the event. This operational coverage is provided to all clusters, regardless of plan.

Your data is your data, period.

As mentioned above, privacy is a top priority at Bonsai. We are transparent about the data collected and how we use the data. We never sell your data, and we never will.

Vault Architecture

Multitenant

The multitenant class – sometimes called “shared” – is designed to allow clusters to share hardware resources while still being securely sandboxed from one another. This allows us to provide unparalleled performance per dollar at smaller scales. All Hobby and Standard plans use multitenant architecture.

Single tenant

The single tenant class – sometimes called “dedicated” – maps one cluster to a private set of hardware resources. Because these resources are not shared with any other cluster, single tenant configurations provide maximum performance, security and customization. All Business and Enterprise plans use dedicated architecture.

Unmatched Encryption

Bonsai partners with Titaniam to provide the industry’s most sophisticated encryption-at-work capabilities. And with Bonsai Vault, our fully-managed Elasticsearch platform, you can meet the most rigorous compliance standards while making Elasticsearch more reliable and efficient.

Bonsai is GDPR Compliant

Bonsai has never sold email addresses or private information, does not track users' activity across the web, and does not otherwise spy on users. We’ve taken the following measures to extend privacy protections of customers around the globe:

Performed a software audit focused on collection and use of customer data, and purged some metrics deemed unnecessary for business.

Removed third party integrations that do not comply with GDPR.

Removed Facebook tracking pixels and replaced them with GDPR-compliant frontend components.

Created a process for our European customers to sign a Data Processing Agreement (DPA) with Bonsai. To sign a DPA, please reach out to support@bonsai.io.