| Feature | Scaler Pro | Enterprise multi-tenant | Enterprise single-tenant | PlanetScale Managed |
|---|---|---|---|---|
| Encryption of data (at rest and in transit) | | | | |
| SOC 1 Type 2 available | | | | |
| SOC 2 Type 2+ HIPAA available | | | | |
| IP restrictions (Vitess only) | | | | |
| Audit logs | | | | |
| Security logs | | | | |
| Data Processing Addendum available | | | | |
| Private database connectivity | | | | |
| Single sign-on (SSO) | Available as add-on | | | |
| Business Associate Agreements available | Available as add-on | | | |
| Dedicated AWS/GCP account | | | | |
| PCI compliant | | | | |
| Your own AWS/GCP account | | | | |
Available on all PlanetScale plans
Private database connectivity
By default, all PlanetScale connections are encrypted and routed through the public Internet. Optionally, you can connect privately to databases through AWS PrivateLink or GCP Private Service Connect.
SOC 1 Type 2 & SOC 2 Type 2+ HIPAA
PlanetScale continuously monitors and reports primarily using System and Organization Controls (SOC) 1 & 2 Type 2 paired with the HIPAA Security Rule. To request access to our latest reports, please visit PlanetScale's Trust Center.
Data security
Encryption of data
PlanetScale databases and their client communications are AES encrypted throughout the PlanetScale platform, both in transit and at rest.
At rest
Data is encrypted at rest on the underlying storage media that serves database branches and on the underlying storage media that hosts your PlanetScale database backups. This helps mitigate the risk of unintentional or malicious access to user data on storage systems.
In transit
Data in transit to PlanetScale databases is encrypted and travels over three major paths:
- The PlanetScale CLI uses TLS when initiating a connection to PlanetScale's API and Edge.
- PlanetScale connection strings require the successful establishment of a TLS session before any SQL commands can be issued.
- TLS is used to secure all data transmitted between PlanetScale and clients using PlanetScale Connect.
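The second path above is the one most applications use, and the guarantee it states (a TLS session must exist before any SQL is issued) is only as strong as the client's verification of the server certificate: a client configured for encryption without chain and hostname checks still gets "a TLS session" and will hand its credentials to whoever terminates it. The probe below is an added example written for this page, not PlanetScale's code or tooling. It follows the MySQL client/server protocol's TLS upgrade (plaintext HandshakeV10 greeting, then a client SSLRequest packet, then the TLS handshake on the same socket), refuses to continue if the server does not advertise CLIENT_SSL, and verifies the certificate against the system trust store (or a CA bundle you supply) before reporting what was negotiated. The host and port are assumptions supplied on the command line; the greeting fixture used for the offline checks is constructed, not captured from a PlanetScale server.

```python
"""Probe a MySQL-protocol endpoint and confirm TLS is negotiated before any SQL flows.

MySQL does not start TLS at the first byte: the server sends a plaintext greeting,
the client replies with an SSLRequest packet, and only then does the TLS handshake
run on the same socket. A generic TLS probe aimed at port 3306 therefore fails;
this script performs the upgrade itself, then verifies chain and hostname, which
is the step a client configured for "encryption only" silently skips.
"""
import socket
import ssl
import struct

# Capability flags from the MySQL client/server protocol.
CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SSL = 0x00000800
CLIENT_SECURE_CONNECTION = 0x00008000
CLIENT_PLUGIN_AUTH = 0x00080000
MAX_PACKET = 0x01000000
UTF8MB4 = 45  # utf8mb4_general_ci


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("socket closed mid-packet")
        buf += chunk
    return buf


def read_packet(sock):
    """Read one MySQL packet: 3-byte little-endian length, 1-byte sequence id, payload."""
    header = _recv_exact(sock, 4)
    return header[3], _recv_exact(sock, int.from_bytes(header[:3], "little"))


def parse_handshake(payload):
    """Extract server version and capability flags from a HandshakeV10 greeting."""
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)
    version = payload[1:end].decode()
    # connection id (4) + auth-plugin-data-part-1 (8) + filler (1) precede the lower capability flags
    pos = end + 1 + 4 + 8 + 1
    cap_lower = int.from_bytes(payload[pos:pos + 2], "little")
    cap_upper = int.from_bytes(payload[pos + 5:pos + 7], "little")  # after charset (1) + status (2)
    caps = cap_lower | (cap_upper << 16)
    return {"server_version": version, "capabilities": caps, "ssl": bool(caps & CLIENT_SSL)}


def build_greeting(version="8.0.34-test", caps=0x0008FFFF):
    """Constructed HandshakeV10 fixture (not a captured PlanetScale greeting) for offline checks."""
    return (b"\x0a" + version.encode() + b"\x00" + (7).to_bytes(4, "little") + b"A" * 8 + b"\x00"
            + (caps & 0xFFFF).to_bytes(2, "little") + bytes([UTF8MB4]) + (2).to_bytes(2, "little")
            + (caps >> 16).to_bytes(2, "little") + b"\x15" + b"\x00" * 10 + b"B" * 13
            + b"caching_sha2_password\x00")


def build_ssl_request(seq=1, charset=UTF8MB4):
    """Protocol::SSLRequest: capability flags (4), max packet (4), charset (1), 23 reserved zero bytes."""
    flags = CLIENT_PROTOCOL_41 | CLIENT_SSL | CLIENT_SECURE_CONNECTION | CLIENT_PLUGIN_AUTH
    payload = struct.pack("<IIB", flags, MAX_PACKET, charset) + b"\x00" * 23
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def verifying_context(cafile=None):
    """TLS client context that insists on identity, not merely encryption."""
    ctx = ssl.create_default_context(cafile=cafile)  # system trust store unless a CA bundle is given
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def probe(host, port=3306, cafile=None, timeout=10.0):
    """Upgrade a MySQL connection to TLS and report what was negotiated.

    Raises RuntimeError if the server does not advertise CLIENT_SSL (a client would have
    to authenticate in the clear) and ssl.SSLCertVerificationError if the chain or
    hostname does not verify. No credentials are ever sent.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        _, greeting = read_packet(raw)
        info = parse_handshake(greeting)
        if not info["ssl"]:
            raise RuntimeError(f"{host}:{port} does not offer TLS; aborting before authentication")
        raw.sendall(build_ssl_request())
        with verifying_context(cafile).wrap_socket(raw, server_hostname=host) as tls:
            subject = dict(pair for rdn in tls.getpeercert()["subject"] for pair in rdn)
            return {**info, "tls_version": tls.version(), "cipher": tls.cipher()[0],
                    "peer_cn": subject.get("commonName")}


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        sys.exit("usage: mysql_tls_probe.py <host> [port]")
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 3306))
```

Run it against your database host and compare `peer_cn` and `tls_version` with what your application's driver reports; if the probe verifies but the application connects with a setting that skips verification (for example a "trust all" or "skip-verify" TLS mode), the application is the weak point, not the platform.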
Additional data protection controls
Communications to the PlanetScale API and Dashboard are encrypted using TLS 1.3. Certificates are issued by established third-party certificate authorities.
General Data Protection Regulation (GDPR)
PlanetScale offers database services in Amazon Web Services and Google Cloud Platform regions around the world. PlanetScale complies with the EU General Data Protection Regulation (GDPR) and other global privacy regulations, where applicable. Customers are responsible for their applications' compliance with regulatory requirements, including as they relate to data subjects of their systems.
Data Processing Addendum
All PlanetScale plans are covered by our Data Processing Addendum (DPA). Markups are accepted for addendums on all PlanetScale Enterprise plans. Contact us to talk more about PlanetScale Enterprise plans and changes to our DPA.
Data locality
The infrastructure supporting user databases, backups, etc., is in the provider (AWS or GCP) and region where the database is created. Any read-only replicas in other geographies will copy the data set to the selected regions. The following are two examples of data locality in PlanetScale:
- If you create a database in a US-based region, all data, including customer data, is stored and processed in the US, except in cases where sub-processors are identified as having other locations.
- If you create a database in a Europe-based region, your data does not leave the region the database was created in, unless you create a read-only region in another region.
Available on all Enterprise plans
HIPAA and Business Associate Agreements
PlanetScale can enter into Business Associate Agreements (BAAs) with customers who purchase Business support, an Enterprise plan, or qualify for our startup pricing. Please reach out for more information, and we'll be in touch shortly. The customer must determine whether they are a Covered Entity, or a Business Associate of a Covered Entity, as defined under HIPAA. If so, the customer may require a BAA with PlanetScale for the purposes of our relationship. Responsibility around HIPAA compliance between PlanetScale and the customer is implemented using a shared responsibility model. While PlanetScale Enterprise plans provide a secure and compliant infrastructure for the storage and processing of Protected Health Information (PHI), the customer is ultimately responsible for ensuring that the environment and applications that they build on top of PlanetScale are properly configured and secured according to HIPAA requirements. The Department of Health and Human Services does not recognize any formal certification for HIPAA. PlanetScale systems, software, networks, and procedures are consistent with the controls outlined in the relevant rules.
Additional audit logging features
In addition to the audit log feature available to all PlanetScale plans, Enterprise plans can use our EventBridge configuration to send logs to your AWS account. Ask your PlanetScale account manager for more information on how to set it up.
Note: If you have any questions or concerns related to the security and compliance of any PlanetScale Enterprise plans, please contact us, and we will be happy to discuss them further.
Available on Enterprise single-tenant plans
PlanetScale offers two single-tenant deployment options, Single-tenant and PlanetScale Managed, for organizations that require a single-tenant environment. See the section below for more information on PlanetScale Managed-only security and compliance features.
Note: Contact us if you are interested in exploring PlanetScale single-tenant deployment options for your organization.