Bitrise achieves PCI DSS compliance to strengthen customer data security

Security is one of the cornerstones of how we’re making Bitrise a better product each day, and we’re super excited to share that we’re now a PCI DSS compliant service provider. 💳 🎉

This milestone reflects our ongoing commitment to security best practices to ensure that our customers' data stays safe and secure with us. As part of an ongoing effort, we renew our SOC 2 Type 2 Report each year. Starting in November 2025, our PCI DSS Attestation of Compliance (AOC) will be renewed annually as well.

We’re also happy to announce that we’ve launched our brand-new Trust Center, a central hub for security, compliance, and privacy practices at Bitrise. All reports and documents are available there; they explain how we protect customer data, manage risk, and meet industry standards so teams can safely ship mobile apps.

“Achieving PCI DSS compliance is a major milestone for Bitrise. I'm proud of our team's dedication to building a platform that meets the highest standards. This accomplishment reinforces our commitment to security and gives our customers greater confidence in doing what they’re best at: building apps.”
Barnabas Birmacher, CEO and Co-Founder of Bitrise

What is PCI DSS, and what does it mean for Bitrise and our customers?

PCI DSS is a globally recognized standard designed to secure payment card data and reduce payment fraud. While we at Bitrise do not store, process, or transmit credit card data, customers who do so and choose Bitrise as their Mobile DevOps platform require us to be compliant.

Achieving compliance demonstrates that the people, processes, and technology at Bitrise meet the requirements for PCI DSS compliance.

For customers handling cardholder data, this commitment provides added assurance that their data is protected according to industry best practices. Customers can continue using Bitrise with greater confidence that tools involved with payment data are handled according to PCI DSS controls.

While Bitrise’s compliance helps secure data within our environment, customers are still responsible for securing their own cardholder data flows and maintaining their own compliance where applicable.

Our path to PCI DSS compliance

To define the in-scope environment, we identified any use cases that might be relevant to cardholder data. We partnered with Apersky, a Qualified Security Assessor (QSA), to perform a formal assessment and validate our PCI DSS compliance.

We updated our existing controls, policies, procedures and in-house trainings to reflect PCI DSS requirements.

PCI DSS compliance is not a one-time achievement. It requires continuous monitoring, regular assessments, and a long-term commitment. Bitrise remains committed to maintaining and enhancing our security posture through ongoing monitoring, periodic reassessments, employee training, and updates to policies and technology as standards evolve.

Questions?

If you’d like to learn more about compliance and security at Bitrise, please visit our Trust Center, where you can find all available information.

About Bitrise

Founded in 2014, Bitrise is the leading mobile DevOps platform empowering over 8,500 brands, including Shopify, TripAdvisor, and BuzzFeed. Bitrise unifies the tools, processes, and testing frameworks mobile teams need to build and ship world-class apps. The company is backed by Insight Partners, Open Ocean, Fiedler Capital, and Y Combinator. Visit: bitrise.io
