Security

Project.co is an important application for our customers daily business requirements. It’s therefore extremely important to us that we are providing a safe and secure environment that our customers can rely on. This page sets out all the different ways in which we operate to make sure we’re providing an uninterrupted, reliable service with security as a major focus.

Built on Bubble.io

Project.co V3 is built on Bubble.io – a secure, modern web platform trusted by thousands of companies around the world.

Bubble is a powerful no-code development platform that allows us to rapidly build and iterate on Project.co, while benefiting from enterprise-grade infrastructure and security. It runs on Amazon Web Services (AWS), the same cloud provider used by companies like Netflix, Airbnb, and NASA.

By building on Bubble, we’re able to deliver a fast, scalable, and reliable product – without compromising on security or privacy. Bubble handles hosting, database management, and security compliance, so we can focus on delivering great features while keeping your data safe.

You can learn more about Bubble’s security and best practices here.

Your data

All of your data is stored securely using Bubble.io’s managed infrastructure, which runs on Amazon Web Services (AWS). We also use Firebase to support some real-time app functionality – this is only for temporary, non-identifying data.

We only work with trusted, industry-standard services, and we maintain a list of all subprocessors here for full transparency.

Data transfer

Every connection to Project.co is secured with HTTPS – including custom domains. SSL certificates are automatically created and renewed to ensure your data is always encrypted in transit.

Passwords

We use Bubble’s secure authentication system. Passwords are encrypted and never stored in plain text – even we can’t see them. We enforce a minimum 8-character requirement for passwords and offer secure Google Single Sign-On (SSO) as an alternative login option.

File storage

Any files you upload to Project.co are stored using Bubble’s file storage service, which is hosted on AWS S3. Files are served over encrypted HTTPS links, so they remain private and secure.

Hosting & infrastructure

Project.co is built on Bubble’s platform, which uses Amazon Web Services (AWS) infrastructure. Our app runs on Bubble’s shared hosting environment, with data stored in Bubble’s default AWS region: us-east-1 (N. Virginia).

Bubble maintains compliance with industry security standards, including:
• SOC 1, SOC 2, SOC 3
• ISO 27001, ISO 27017, ISO 27018
• PCI DSS

You can learn more about Bubble’s infrastructure and security here.

Billing

We don’t store or process your payment information directly. All payments are handled through Stripe – a PCI-DSS Level 1 certified provider. You’ll always enter payment information on secure, Stripe-hosted checkout pages.

Account security

Project.co uses role-based permissions and Bubble’s privacy rules to ensure users only access the data they’re authorized to see. These privacy rules apply at both the page and data level.

Two-factor authentication (2FA) is not currently available, but it is on our roadmap and will be added in a future update.

Legal

In addition to the security information included above you can see our data policies here:
Terms Of Service
Privacy Policy
Cookies Policy
Data Processing Agreement
Subprocessors