At Bonsai, security and privacy are always a top concern. We are constantly evaluating the service and our vendors for vulnerabilities and flaws, and we will immediately address anything that could put our customers at risk.
To answer a number of frequently asked questions about how we keep your data secure, we published a blog entry, Six Important Facts about Bonsai Security, which remains up to date.
All Bonsai clusters are provisioned with a unique, randomized URL and have HTTP Basic Authentication enabled by default, using a randomly generated set of credentials. Under this scheme, it would take the world’s fastest super computer around 23.5 quadrillion years to guess.
All Bonsai clusters support SSL/TLS for encryption in transit. We use industry standard strength encryption to ensure your data is safe over the wire.
Bonsai clusters are provisioned on hardware that is encrypted at rest by default. In addition to Amazon’s physical security controls, this means your data is safe from physical theft.
All paid Bonsai clusters receive regular snapshots, which are stored in an offsite, encrypted S3 bucket in the same region as the cluster.
All Bonsai clusters are accessed via a custom-built, high-performance layer 7 routing proxy, and sit behind a tightly controlled firewall. This helps to ensure that the cluster and data are protected from port scans and unauthorized persons.
Bonsai can support IP whitelisting, and VPC Peering to users on single tenant clusters.
Bonsai monitors its infrastructure 24 hours a day, 365 days a year. The Operations Team is automatically alerted to any problems in real time, where one or more engineers will then respond to the event. This operational coverage is provided to all clusters, regardless of plan.
As mentioned above, privacy is a top priority at Bonsai. We are transparent about the data collected and how we use the data. We never sell your data, and we never will.
The multitenant class – sometimes called “shared” – is designed to allow clusters to share hardware resources while still being securely sandboxed from one another. This allows us to provide unparalleled performance per dollar at smaller scales. All Hobby and Standard plans use multitenant architecture.
The single tenant class – sometimes called “dedicated” – maps one cluster to a private set of hardware resources. Because these resources are not shared with any other cluster, single tenant configurations provide maximum performance, security and customization. All Business and Enterprise plans use dedicated architecture.
Bonsia partners with Titaniam to provide the industry’s most sophisticated encryption-at-work capabilities. And with Bonsai Vault, our fully-managed Elasticsearch platform, you can meet the most rigorous compliance standards while making Elasticsearch more reliable and efficient.
Bonsai has never sold email addresses or private information, does not track users' activity across the web, and does not otherwise spy on users. We’ve taken the following measures to extend privacy protections of customers around the globe:
Performed a software audit focused on collection and use of customer data, and purged some metrics deemed unnecessary for business.
Removed third party integrations that do not comply with GDPR.
Removed Facebook tracking pixels and replaced with GDPR-compliant frontend components.
Created a process for our European customers to sign a Data Processing Agreement (DPA) with Bonsai. To sign a DPA, please reach out to email@example.com.