Application security
The Bunny engineering team strives to write secure code that aligns with industry best practice. We do peer reviews to ensure code quality and perform static code analysis to detect vulnerabilities that may exist in our dependencies.
Authentication
By default, all Bunny user accounts are passwordless and accessed via
email. Bunny also supports SAML-based single sign-on, and user accounts
can be provisioned or deprovisioned from identity providers that support
the SCIM protocol.
Roles & permissions
Bunny is used by several types of users, from sales representatives
through to developers and finance executives. With this in mind we offer
role-based access controls to limit the scope of data that each type of
user can view or modify.
Secure access
Bunny requires HTTPS for access to our application, quote, payment and
invoice portals as well as our API.
API
Bunny utilizes the OAuth 2.0 protocol to enforce secure access to our
APIs.
Our best practice security approach
Bunny is SOC 2 Type II certified. This certification provides
assurance that we are operating at a level that is in compliance with or
better than the standards outlined by the American Institute of
Certified Public Accountants (AICPA).
We process all payments through PCI-compliant payment gateway partners
such as Stripe. Bunny does not store credit card details or
cardholder information.
Bunny operates servers hosted on Amazon Web Services (AWS). Access to
AWS is heavily restricted.
Bunny operates several systems to monitor the health of our service
and detect incidents. If a security incident occurs, Bunny will notify
all affected customers without undue delay.
Please report any vulnerabilities to security@bunny.com. We will
immediately assign a ticket ID number for each report and a member of
our engineering team will reply within 1 business day.