Our security approach

Couchbase security is a team effort. It begins with top-down policies from management and extends to the development of secure products by our engineers, management of governance and compliance by our information security team, and shared responsibilities across all our business units.

Built-in security protects your modern enterprise


The Couchbase information security team has established a robust security program based on Couchbase’s identified risks, industry standards, and best practices (e.g., CIS Critical Security Controls, ISO 27002, NIST SP 800-53, and SSAE 18 SOC 2 Trust Principles).

Critical Components


Couchbase is committed to being transparent about how we collect, use, and protect data received and stored by our products and services. See the Couchbase Privacy Policy for more information.


Couchbase’s architecture interweaves many technology elements to ensure reliability, disaster tolerance, and industry-leading high availability at scale on a global basis.

Shared responsibility

Although much of the security framework is in place and automated, customers are responsible for some initial configuration and ongoing security administration. See our Shared Responsibility Model to learn more.

What customers are saying