Roles & permissions
Our best practice security approach
Bunny is currently in the process of completing SOC 2 TYPE II certification. As of the writing of this document we have completed more than half the requirements of SOC 2. This certification provides assurance that we are operating at a level that is in compliance or better than the standards outlined by the American Institute of Certified Public Accountants (AICPA).
We process all payments through PCI compliant payment gateway partners such as Stripe. Bunny does not store credit card details or card holder information.
Bunny operates servers hosted on Amazon Web Services (AWS). Access to AWS is heavily restricted.
Bunny operates several systems to monitor the health of our service and detect incidents. If a security incident occurs Bunny will notify all affected customers with undue delay.
Please report any vulnerabilities to firstname.lastname@example.org. We will immediately assign a ticket id number for each report and a member of our engineering team will reply back within 1 business day.