Data encryption

All data within Crunchy Bridge is encrypted at rest and in transit. Data is encrypted with AES-256 encryption. All Crunchy Bridge instances require you to connect to your database with TLS 1.2 or higher.

Customer-managed encryption keys

Crunchy Bridge Encryption Keys enables encryption of both disks and backups of Crunchy Bridge clusters using cloud-specific key material. Encryption is done using each cloud's encryption facility, and not any custom encryption schema on the part of Crunchy Bridge.

To learn more about setting this up, see the Encryption keys how-to documentation.


Crunchy Bridge instances run in an isolated network or VPC, your network is fully isolated from other customers and from other teams within your account. By default your VPC is configure to be publicly available with a firewall rule of, it is recommended for further security you set up specific firewall rules for your environments access only.

Crunchy Bridge also supports VPC peering to be able to communicate over private routes. In order to configure VPC peering open a support ticket.

Password security

Crunchy Bridge by default generates a password for your default database user. This password is auto-generated and includes 32 characters in length and a mix of letters, numbers and non alphanumeric characters.

Once connected to your Crunchy Bridge instance you're able to create additional Postgres roles for your own needs.

Audit logs

Within Crunchy Bridge you have full access within the UI and API to event audit logs for your individual Postgres instances as well as for Team level operations. You can view each of these directly in the Crunchy Bridge console.


Crunchy Bridge is GDPR compliant.

Crunchy Bridge has completed a SOC2 Type 2 audit. In order to obtain a copy of this report please contact us.

Crunchy Bridge has been audited as HIPAA compliant. If you need to ensure HIPAA compliance please contact us regarding getting a Business Associate Agreement (BAA) in place.