Common Privacy & Security Questions

PubNub processes customer data through a leading cloud service provider. All processing and optional message storage occur within that environment.

Customers can choose US-only, EU-only, or APAC-only data residency options.

Customers decide what data moves through PubNub’s network. PubNub functions solely as a data processor and transport layer and does not inspect or collect end-user data.

Under our Data Processing Addendum (DPA), customers specify the types of personal or sensitive data they transmit.

Only authorized PubNub personnel have access, following the principle of least privilege. Access is reviewed regularly and removed immediately when roles change or employment ends. Subprocessors do not have direct access to customer data.

Yes. Employees and contractors undergo background screening before hire and must sign confidentiality and intellectual-property agreements. All staff complete mandatory security and privacy training at onboarding and annually.

Yes. Customer data is logically separated within PubNub’s multi-tenant infrastructure and protected by unique keys and identifiers. Physical resources are shared but isolated at the virtual and database layers.

Yes. All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption within our cloud environment.

Data retention is governed by customer configuration and contractual requirements. Unless message storage is explicitly enabled, data is automatically deleted in the normal course of business. For detailed information, please refer to PubNub’s Terms and Conditions and Privacy Policy.

Customers can delete data via the Delete API, retrieve data with the History API, or delete and republish corrected messages. Account and billing details can be updated through the PubNub Admin Portal.

No. PubNub does not sell or share personal information with third parties. Data is used only to deliver and support contracted services, as outlined in our Privacy Policy.

PubNub engineers follow OWASP Top 10 secure-development standards, with peer review, automated scanning, and regular code analysis to identify and fix vulnerabilities before release.

Yes. You can view current and historical uptime at status.pubnub.com. Any incidents or maintenance events are posted there in real time.

PubNub’s globally distributed, microservices-based architecture provides high availability and fault tolerance. Multiple regions and availability zones ensure continuity even if a data center becomes unavailable.

Select enterprise customers receive a 99.999% SLA; all other services maintain a 99.9% uptime SLA.

PubNub employs automated monitoring and alerting to detect anomalies in near real time. Confirmed incidents follow our Incident Response Plan, which includes escalation, containment, and customer notification within required time frames (for example, 72 hours under GDPR).

Yes. PubNub maintains a formal Bug Bounty Policy and encourages responsible disclosure of potential vulnerabilities. Security researchers may report issues to support@pubnub.com. All submissions are reviewed in accordance with PubNub’s vulnerability management process, and validated findings are remediated based on severity and impact.

All subprocessors undergo security and privacy due diligence reviews before engagement and are reassessed annually. Each maintains appropriate certifications such as SOC 2 and/or ISO 27001, and all processing is governed by written agreements and DPAs.

Yes. PubNub’s payment processing is handled by Stripe, a PCI DSS Level 1-certified service provider. PubNub does not store, transmit, or process any payment card information within its systems.

PubNub completes formal annual risk assessments, independent SOC 2 Type II and ISO 27001 audits, and third-party penetration testing. New vendors undergo an internal security evaluation before integration.

Requests are reviewed to ensure legal validity and scope. Unless prohibited by law, PubNub notifies customers before any disclosure so they may seek protection.

Yes. Customers can select US-only, EU-only, or APAC-only processing. PubNub supports GDPR, Standard Contractual Clauses (SCCs), and Data Processing Addendums (DPAs) for cross-border compliance.

Yes. PubNub holds SOC 2 Type II attestation and ISO 27001:2022 certification, verified annually by accredited third-party auditors.