Search overlay panel for performing site-wide searches
Salesforce (Heroku) Named a Leader. Learn More!
Line art with a shield at the center, surrounded by swirling lines, trees, and hills, suggesting protection and nature.

Heroku Shield

A simplified path to building high compliance apps.

Contact Sales

Line art illustration featuring a central shield surrounded by abstract cityscape elements, technology symbols, and padlocks.

What is Heroku Shield?

Heroku Shield is a set of Heroku platform services that offer additional security features needed for building high compliance applications. Use Heroku Shield to build HIPAA or PCI* compliant apps for regulated industries, such as healthcare, life sciences, or financial services. Heroku Shield simplifies the complexity associated with regulatory compliance, so you can enjoy same great developer experience when building, deploying, and managing your high compliance apps. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.

How Heroku Shield works

Heroku Shield is available to Heroku Enterprise customers as an additional package. Your Shield apps run in your own network isolated Heroku Shield Private Space using Heroku Shield Private Dynos to further enhance security at runtime.

You have the option to add Heroku Shield Postgres for highly-compliant data management, Apache Kafka on Heroku Shield for managing secure and HIPAA-regulated streaming datasets, and Heroku Shield Connect to safely sync data between your Shield apps and Salesforce. In addition, Heroku Shield gives you enhanced trust controls, such as Private Space Logging, that greatly simplify compliance auditing while still giving you full control of app configuration and deployment.

User interface for configuring app spaces, showing sections for space name, region, shield toggle, and optional logging with fields and dropdowns. Shield feature is enabled in Virginia, United States.

Why build with Heroku Shield?

Simplify the complexities of regulatory compliance.

Designed to meet industry regulations

Build engaging healthcare apps, fintech apps*, or life sciences apps with secure data services and meet complex regulatory requirements, including HIPAA and PCI*.

Fast set up & deployment

Spin up a HIPAA or PCI* compliant environment in minutes and start deploying your apps with all the ease of the Heroku developer experience using git push heroku main.

Out-of-the-box trust controls

Get additional trust controls, such as: keystroke logging for production access auditing, logging at the space level that you control, encryption at rest for ephemeral data, and strict TLS enforcement.

Securely share data with Salesforce

Extend your CRM capabilities to your Heroku apps and safely share PII data or PHI data with your Salesforce instance, including contacts, account data, and other custom objects.

Secure access to sensitive and compliant data

Build secure, multi-cloud app and data architectures across public clouds and private data centers. All data remains private and secure over the public internet via an encrypted and mutually-authenticated, connection.

At Heroku, trust is our number one value. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.

Visit Heroku’s Compliance Center

See it in action

The image shows the word "align" in lowercase letters with a blue dot above the letter "i" on a plain background.

“Heroku Shield makes HIPAA compliance easier to execute, so now my dev teams can focus on building great apps using a modern app-dev toolset, refer to customer-sensitive data with added confidence, and ultimately provide our customers with an engaging experience that differentiates Align Technology in the marketplace.”

Leela Parvathaneni

Director of Customer-Facing Applications, Align Technology

Align Technology’s story

Components of Heroku Shield

A suite of services with enhanced trust and security.

Heroku Shield Private Spaces

Get all the benefits of a network isolated Heroku Private Space with additional trust controls to deliver high compliance apps with confidence.

Heroku Shield Private Spaces docs

Heroku Shield Private Dynos

Shield Private Dynos include an encrypted ephemeral file system and restricts SSL termination from using TLS 1.0 (which is considered vulnerable).

Shield Private Dyno docs

Heroku Shield Postgres

Shield Postgres further extends Heroku Postgres to guarantee that your sensitive data is always encrypted both in transit and at rest.

Heroku Shield Postgres docs

Heroku Shield Connect*

Using Heroku Connect’s bi-directional synchronization between Salesforce and Shield Postgres, you can share sensitive PII data or PHI data in a high compliance environment.

Heroku Shield Connect docs

Apache Kafka on Heroku Shield

Apache Kafka on Heroku Shield combines the industry-leading open source solution for managing event streams with the strict controls needed to deliver real-time, HIPAA-compliant apps.

Apache Kafka on Heroku Shield docs

Shield Heroku Key-Value Store

Use Shield Heroku Key-Value Store to handle PHI and PII data safely in-memory. Build a new class of real-time apps with strict security and seamless HIPAA compliance, perfect for regulated industries such as Healthcare & Life Sciences and Financial Services. Shield Heroku Key-Value Store docs

Learn more about Heroku Shield

Please tell us more about your project and we’ll be in touch.

This field is for validation purposes and should be left unchanged.

Submitting this form signifies that you have read and agree to the Terms of Service, the Salesforce Japan Privacy Statement (if applicable), and our Privacy Policy.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Dev Center Documentation

Heroku Enterprise Overview

Heroku Enterprise Dynos

Heroku Private Spaces

Heroku Postgres and Private Spaces

Heroku Connect

Heroku Security, Privacy, and Compliance

Webinars

Building High Compliance Apps using Heroku Shield

See how Heroku Shield helps developers solve many of the challenges of HIPAA compliant app development.

Architecting HIPAA and High Compliance Apps Using Heroku Shield

Learn how to configure a compliance-ready environment and data center in the cloud using Heroku Shield.

From the Blog

Heroku Shield for Redis is Now Generally Available

Heroku Shield for Redis is certified for handling PHI, PII, and HIPAA-compliant data, enabling organizations to build real-time apps with secure data more easily than ever.

Introducing Heroku Shield: Continuous Delivery for High Compliance Apps

Heroku Shield, a new addition to our Heroku Enterprise line of products, offers developers the power and productivity of Heroku for strictly regulated apps.

Announcing PCI Compliance for Heroku Shield

Heroku’s PCI Level 1 Service Provider designation* helps our customers understand how Heroku’s systems and human processes work together to safeguard customer data.

Announcing General Availability of Heroku Shield Connect

Heroku Shield Connect enables high performance, fully automated, and bi-directional data synchronization between Salesforce and Heroku Postgres for companies that need to build HIPAA-compliant applications with Salesforce as the system of record for customer data.

Apache Kafka on Heroku Shield is Now Generally Available

Apache Kafka on Heroku Shield enables security-minded and health and life sciences companies to build HIPAA-compliant apps with real-time data that is sensitive, protected, regulated, and highly-personalized.

*Important note: Heroku Shield Connect and Shield Heroku Key-Value Store are currently not PCI compliant. If you require PCI compliance, please contact us and we can help you find the right solution for your needs.