BigCommerce Trust Center
Welcome to BigCommerce's Trust Center.
At BigCommerce, security, privacy and resilience are built into the core of our platform. We're committed to providing a secure and reliable e-commerce experience for both you and your customers.
Here's how we stand out:
-Unmatched Payment Security: We don't just rely on payment providers for security. BigCommerce holds Level 1 PCI AOC's as Merchant and as Service Provider, the highest level of certification, demonstrating our commitment to protecting your customers' data and simplifying your compliance journey.
-Proactive Threat Intelligence: By partnering with trusted threat intelligence providers like Recorded Future and engaging with communities like RH-ISAC, InfraGard, and the Cybersecurity and Infrastructure Security Agency (CISA), BigCommerce proactively fortifies its platform against emerging attacks.
-Comprehensive Compliance: BigCommerce cybersecurity teams are organized around NIST Functions (Governance, Identify, Protect, Detect, Respond & Recover). Our adherence to NIST, CIS, and ISO 27001:2022, ISO 27017, ISO 27018, ISO 27701, and ISO 22301 demonstrates our unwavering commitment to risk management and data protection.
-Purpose-Built for Enterprise E-commerce: Unlike general-purpose platforms that can hold you back, BigCommerce empowers you with the scalability, control, and advanced security features needed to thrive in the complex world of enterprise e-commerce.
-Empowering Your Business.
BigCommerce provides the tools you need to manage your store's security and privacy, giving you control. Focus on growing your business with confidence, knowing your data and your customers' data are protected by a platform built on trust.
Stay Informed.
For the latest security updates and documentation, subscribe to this Platform Trust Center.
If you have questions about our Privacy Policy or our Terms of Service or our privacy practices, please contact us at privacy@BigCommerce.com.
If you have questions about our security practices, please contact us at security@bigcommerce.com.
If you have questions for our sales or support team, please see this site for contact details.
Green Roads | Deerfield Beach FL
Yeti Cycles
i9 Sports
Bealls Stores
SOLETRADER
Bensons for Beds
Coldwater Creek
Diamonds Direct
King Arthur Baking
Harvey Nichols
Liberty Coin
Ollie
One Kings Lane
Dr. Barbara Sturm
Andertons Music Co.
The Fold London
United Aqua Group
UPLIFT Desk
Vodafone GroupDocuments
- Does BigCommerce comply with the EU Digital Services Act (Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 (DSA)?
- What payment integrations does BigCommerce support?
- Are processes, procedures, and technical measures defined, implemented, and evaluated for the transfer and sub-processing of personal data within the service supply chain (according to any applicable laws and regulations)?
- Are processes, procedures, and technical measures defined, implemented, and evaluated to ensure personal data is processed (per applicable laws and regulations and for the purposes declared to the data subject)?
- Are processes, procedures, and technical measures defined, implemented, and evaluated to enable data subjects to request access to, modify, or delete personal data (per applicable laws and regulations)?
European Accessibility Act (EAA)
We're committed to creating an inclusive experience for all our customers. As part of this commitment, we want to inform you about the European Accessibility Act (EAA), which came into effect on June 28, 2025. This significant legislation aims to make a wide range of products and services, including digital platforms, more accessible for people with disabilities across the EU. We are actively working to ensure our offerings comply with these new standards, reflecting our dedication to universal access and an enhanced user experience for everyone.
Annual Audit Complete: 2025 Certifications and Reports Available
Script Authorization on Payment Pages: Understanding PCI 4.0 Section 6.4.3 and How We’re Providing The Tools To Keep Your Payment Pages Secure: https://developer.bigcommerce.com/resource-hub/script-authorization-on-payment-pages
We're pleased to announce the successful completion of our 2025 annual audit!
As part of our commitment to transparency and security, our updated ISO certifications, SOC Reports, and PCI Attestations are now available for your review. You can access all of these documents directly from our Platform Trust Center: https://bigcommerce.com/security
Thank you for your continued trust and partnership.
PCI DSS v4.0.1 Shared Responsibility Matrix
Important Update: BigCommerce Publishes an updated PCI DSS v4.0.1 Shared Responsibility Matrix
Dear Valued Customer,
At BigCommerce, we are committed to maintaining the highest standards of security and compliance, particularly concerning the protection of cardholder data. As part of this commitment, we are pleased to announce an updated PCI DSS v4.0.1 Shared Responsibility Matrix, with updates to customer-facing requirements (6.4.3 & 11.6.1).
This matrix provides a clear and detailed breakdown of the responsibilities shared between BigCommerce and our customers in adhering to the Payment Card Industry Data Security Standard (PCI DSS) v4.0.1. Understanding these shared responsibilities is crucial for ensuring the ongoing security of your payment processing environment.
What is the PCI DSS Shared Responsibility Matrix?
The matrix outlines:
- Specific PCI DSS requirements: It lists relevant requirements from the PCI DSS v4.0.1 standard, with v3.2.1 requirement numbers for reference.
- Responsibilities: It clearly defines which party (you, the customer, or BigCommerce) is responsible for meeting each requirement.
- Clarification: It provides clarity on the scope of our services and your obligations related to PCI DSS compliance.
- Collaboration: It fosters a collaborative approach to maintaining a secure payment ecosystem.
Why is this important?
- Enhanced Security: Understanding your responsibilities helps strengthen your overall security posture.
- Compliance Clarity: It provides a clear roadmap for achieving and maintaining PCI DSS compliance.
- Improved Collaboration: It promotes a transparent and collaborative relationship between BigCommerce and our customers.
- Updated for v4.0.1: It reflects the newest changes and requirements of the current PCI DSS standard.
- Updated with guidance about the impact of integrations and customizations to the responsibility matrix.
Where can you find the matrix?
You can access the PCI DSS v4.0.1 Shared Responsibility Matrix on our Trust Center:.
We encourage you to review this document carefully and familiarize yourself with your responsibilities. If you have any questions or require further clarification, please do not hesitate to contact our support team.
We appreciate your continued partnership and commitment to maintaining a secure payment environment.
Sincerely,
The BigCommerce Compliance Team
Report Illegal Content
In support of the EU Digital Services Act (Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC) (the “DSA”), BigCommerce maintains a site that allows submitting applicable reports: https://www.bigcommerce.com/privacy/report-illegal-content/
📢 Calling all security researchers! 📢
We're excited to announce that we've doubled the rewards for our Bug Bounty program on Bugcrowd! 🎉
This means bigger payouts for you when you help us find and fix vulnerabilities. But it's about more than just money – we truly value the skills and dedication of security researchers, and we're committed to recognizing your contributions.
A huge thank you to everyone who has already participated in our program – your work has been invaluable! We're eager to see even more researchers join us on this journey. And stay tuned... we'll be launching some exciting new private programs soon! 🚀
Ready to make a real impact? Join our Bug Bounty program today and help us build a more secure future! 💪💻
Join the program:https://bugcrowd.com/engagements/bigcommerce