Security

Compliance & Certifications

Meeting the highest international standards for data protection and operational security.

CrateDB is trusted by organizations that operate in highly regulated environments, from manufacturing and energy to SaaS.
Security and compliance are built into our DNA.

Through rigorous certification programs, auditing, and security governance, CrateDB ensures that your data platform aligns with global standards for confidentiality, integrity, and availability. Whether running CrateDB Cloud or self-managed deployments, you benefit from practices that meet enterprise-grade compliance requirements.

ISO 27001: Information Security Management

CrateDB Cloud is certified under ISO 27001, the internationally recognized standard for information security management systems (ISMS).
This certification confirms that CrateDB maintains formalized processes for:

  • Risk management and mitigation
  • Data confidentiality, integrity, and availability
  • Continuous monitoring and improvement of information security controls

ISO 27001 demonstrates that CrateDB follows strict governance and operational standards across its infrastructure, personnel, and software lifecycle.

View the official CrateDB ISO 27001 certificate >


SOC 2 Type 2: Trust and Accountability

CrateDB Cloud is SOC 2 Type 2 compliant on AWS and Azure, validating the security, availability, and confidentiality of the service.
This independent audit, conducted annually, assesses CrateDB’s controls across:

  • System security and data access
  • Availability and uptime
  • Confidentiality and data privacy practices

SOC 2 Type 2 compliance ensures that our managed services meet the expectations of enterprise and regulated customers for long-term operational reliability.


Compliance

The General Data Protection Regulation (GDPR) regulates the use and protection of personal data originating from the European Economic Area (EEA) and provides individuals rights with regard to their data. CrateDB provides our customers the necessary capabilities for building GDPR compliance.


The California Consumer Privacy Act (CCPA) creates consumer rights relating to the access to, deletion of, and sharing of personal information that is collected by businesses. CrateDB is committed to supporting its customers in their CCPA compliance efforts.



The Health Insurance Portability and Accountability Act (HIPAA) was created in 1996 to govern the flow and sharing of personal health information (ePHI). CrateDB is HIPAA ready and enables covered entities and their business associates to leverage CrateDB to store, process, and analyze ePHI.


Secure by design

Beyond certifications, CrateDB’s architecture and operational practices align with industry security frameworks and best practices:

  • Encryption at rest and in transit protects data across all layers.
  • Role-Based Access Control (RBAC) ensures principle-of-least-privilege enforcement.
  • Audit logging provides full traceability for compliance audits.
  • Vulnerability management and regular patching protect the system against emerging threats.
  • Cloud infrastructure hardening follows CIS and NIST best practices.

Why it matters

  • Regulatory readiness: Meet compliance requirements for GDPR, ISO, SOC 2, and other regional mandates.
  • Enterprise trust: Demonstrate data protection to partners, auditors, and customers.
  • Operational assurance: Proven controls for data security, incident management, and disaster recovery.
  • Peace of mind: A security program continuously monitored, audited, and improved by dedicated professionals.

CrateDB architecture guide

This comprehensive guide covers all the key concepts you need to know about CrateDB's architecture. It will help you gain a deeper understanding of what makes it performant, scalable, flexible and easy to use. Armed with this knowledge, you will be better equipped to make informed decisions about when to leverage CrateDB for your data projects. 

