As part of our deep commitment to security and peace of mind for our customers and users, PubNub has completed a SOC 3 audit, making independent verification of its security controls readily available to the public.
Engineering trust at scale with SOC 3 compliance
SOC 2 and SOC 3 reports both verify the same thing: whether an organization's systems meet Trust Services Criteria for security, availability, confidentiality, and privacy. The difference is what they include and who can see them. SOC 2 reports contain detailed descriptions of how controls work: testing procedures, system configurations, operational workflows. That level of detail is sensitive, so companies share SOC 2 reports only with customers and partners under NDA. SOC 3 reports remove those operational specifics but keep the auditor's opinion on whether controls are effective. That makes them safe for public distribution. If you're evaluating PubNub or already using it, here's what that means for you.
Why this matters: Reducing risk early in evaluations
If you work in healthcare, financial services, or any regulated industry, your security and procurement teams need evidence that vendors protect data properly. Until now, that meant requesting PubNub's SOC 2 report which is a detailed document shared only under NDA during commercial discussions.
The SOC 3 report covers the same ground but strips out operational details to allow public distribution. You can now verify that an independent auditor examined PubNub's security, availability, confidentiality, and privacy controls before you start contract negotiations.
What has been audited: Comprehensive coverage across PubNub’s platform
Our independent third-party audit firm conducted a comprehensive 12 months examining PubNub's infrastructure and operations. They verified controls across four areas:
- Security: Protection against unauthorized access to systems and data
- Availability: Maintaining service uptime across redundant global infrastructure
- Confidentiality: Keeping your data private through encryption in transit and at rest
- Privacy: Handling personal information according to stated policies
The audit covered PubNub's full stack of services, including our core messaging platform, administrative portal, Functions and Integrations, Events and Actions, and analytics products. Auditors tested access controls, monitoring systems, incident response procedures, and encryption implementations.They went beyond just reviewed documentation.
Adding SOC 3 to PubNub’s global compliance portfolio: What changes for you
If you're a current customer: Nothing about PubNub's security posture has changed. This report documents controls that were already in place.
If you're evaluating PubNub: You can now assess vendor risk during initial research instead of waiting for procurement. The public report answers questions about security controls that previously required an NDA and direct vendor engagement.
If you're in a regulated industry: This adds public verification to PubNub's existing compliance stack, which includes SOC 2 Type 2, ISO/IEC 27001:2022, HIPAA, and GDPR.
The SOC 3 report is available at www.pubnub.com/trust/compliance/.
