Announcing SOC 2 and our commitment to privacy and security

Bitdrift flips observability on its head and is uniquely powerful and cost effective: we send no data by default, and instead use sophisticated local storage coupled with a real-time control plane to send only the data that is needed to understand customer experiences, and nothing more, yielding unmatched observability ROI. While we think both the capabilities and cost profile of our mobile observability offering are unparalleled, we understand how critical security and privacy are to our customers: telemetry directly from mobile devices includes PII of the most privacy sensitive nature: photos, locations, credit card numbers, search history, and so on. The systems that store and process this data must be built from the ground up with privacy and security a primary goal.

SOC 2 certification

SOC 2 is an industry standard compliance program aimed at documenting and auditing a wide range of internal controls that ultimately impact the security, availability, confidentiality, processing integrity, and privacy of customer data. We have invested significant engineering resources making sure that we adhere to the rigorous standards set forth by the specification. While we are announcing SOC 2 type I today, we are committing to a continuous auditing program and aim to achieve SOC 2 type II certification in the next 6-9 months. Update: We got our SOC 2 Type II certification, more information here. Achieving SOC 2 demonstrates our long term commitment to security and compliance and is a requirement for bitdrift usage at any large company.

Privacy and security focused observability

bitdrift was founded on the belief that privacy and security are a critical foundation of everything that we build and how we operate our business. This is especially critical for mobile observability where the amount of potential PII is staggering. Apart from our investment in foundational privacy and security controls via our SOC 2 compliance program, we have also built privacy and security into the Capture product as a first class concern. Some examples include:

1. The capture SDK and SaaS has been very carefully designed and audited to not collect any PII directly. (Obviously customers can manually collect telemetry with PII in it if they choose.)
2. Our novel session replay implementation is both extremely efficient and also designed from the ground up to be privacy conscious and free of PII. The majority of session replay solutions out there capture pixel perfect screen representations which mean that they can rarely be deployed at scale in production due to both performance and privacy concerns. The bitdrift Capture session replay implementation can be worry free deployed at scale!

We have some really exciting things on the roadmap that we think are going to even more fundamentally change the mobile observability privacy and security status quo so watch this space! Join us in the future of mobile observability! Capture is changing the mobile observability game by adding a control plane and local storage on every mobile device, providing extremely detailed telemetry when you need it, and none when you don’t. If lack of SOC 2 compliance was keeping you away, now is the time to give us a try! Interested in learning more? Check out the sandbox to get a hands-on feel for what working with Capture is like and then get in touch with us for a demo. Please join us in Slack as well to ask questions and give feedback! To request a SOC report, please contact us. Note that both existing and prospective customers will need to sign an NDA to access the report.