

What is Heroku Shield?
Heroku Shield is a set of Heroku platform services that offer additional security features needed for building high compliance applications. Use Heroku Shield to build HIPAA or PCI* compliant apps for regulated industries, such as healthcare, life sciences, or financial services. Heroku Shield simplifies the complexity associated with regulatory compliance, so you can enjoy the same great developer experience when building, deploying, and managing your high compliance apps. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.
How Heroku Shield works
Heroku Shield is available to Heroku Enterprise customers as an additional package. Your Shield apps run in your own network-isolated Heroku Shield Private Space using Heroku Shield Private Dynos to further enhance security at runtime.
You have the option to add Heroku Shield Postgres for highly-compliant data management, Apache Kafka on Heroku Shield for managing secure and HIPAA-regulated streaming datasets, and Heroku Shield Connect to safely sync data between your Shield apps and Salesforce. In addition, Heroku Shield gives you enhanced trust controls, such as Private Space Logging, that greatly simplify compliance auditing while still giving you full control of app configuration and deployment.

Why build with Heroku Shield?
Simplify the complexities of regulatory compliance.
Designed to meet industry regulations
Build engaging healthcare apps, fintech apps*, or life sciences apps with secure data services and meet complex regulatory requirements, including HIPAA and PCI*.
Fast set up & deployment
Spin up a HIPAA or PCI* compliant environment in minutes and start deploying your apps with all the ease of the Heroku developer experience using git push heroku main.
Out-of-the-box trust controls
Get additional trust controls, such as: keystroke logging for production access auditing, logging at the space level that you control, encryption at rest for ephemeral data, and strict TLS enforcement.
Securely share data with Salesforce
Extend your CRM capabilities to your Heroku apps and safely share PII data or PHI data with your Salesforce instance, including contacts, account data, and other custom objects.
Secure access to sensitive and compliant data
Build secure, multi-cloud app and data architectures across public clouds and private data centers. All data remains private and secure over the public internet via an encrypted and mutually-authenticated connection.
At Heroku, trust is our number one value. Learn more about Heroku’s compliance programs and certifications by visiting our compliance center.
See it in action

“Heroku Shield makes HIPAA compliance easier to execute, so now my dev teams can focus on building great apps using a modern app-dev toolset, refer to customer-sensitive data with added confidence, and ultimately provide our customers with an engaging experience that differentiates Align Technology in the marketplace.”
Leela Parvathaneni
Director of Customer-Facing Applications, Align Technology
Components of Heroku Shield
A suite of services with enhanced trust and security.
Heroku Shield Private Spaces
Get all the benefits of a network-isolated Heroku Private Space with additional trust controls to deliver high compliance apps with confidence.
Heroku Shield Private Dynos
Shield Private Dynos include an encrypted ephemeral file system and restrict SSL termination from using TLS 1.0 (which is considered vulnerable).
Heroku Shield Postgres
Shield Postgres further extends Heroku Postgres to guarantee that your sensitive data is always encrypted both in transit and at rest.
Heroku Shield Connect*
Using Heroku Connect’s bi-directional synchronization between Salesforce and Shield Postgres, you can share sensitive PII data or PHI data in a high compliance environment.
Apache Kafka on Heroku Shield
Apache Kafka on Heroku Shield combines the industry-leading open source solution for managing event streams with the strict controls needed to deliver real-time, HIPAA-compliant apps.
Shield Heroku Key-Value Store
Use Shield Heroku Key-Value Store to handle PHI and PII data safely in-memory. Build a new class of real-time apps with strict security and seamless HIPAA compliance, perfect for regulated industries such as Healthcare & Life Sciences and Financial Services.
Shield Heroku Key-Value Store docs
Learn more about Heroku Shield
Please tell us more about your project and we’ll be in touch.
Webinars
Building High Compliance Apps using Heroku Shield
See how Heroku Shield helps developers solve many of the challenges of HIPAA compliant app development.
Architecting HIPAA and High Compliance Apps Using Heroku Shield
Learn how to configure a compliance-ready environment and data center in the cloud using Heroku Shield.
From the Blog
Heroku Shield for Redis is Now Generally Available
Heroku Shield for Redis is certified for handling PHI, PII, and HIPAA-compliant data, enabling organizations to build real-time apps with secure data more easily than ever.
Introducing Heroku Shield: Continuous Delivery for High Compliance Apps
Heroku Shield, a new addition to our Heroku Enterprise line of products, offers developers the power and productivity of Heroku for strictly regulated apps.
Announcing PCI Compliance for Heroku Shield
Heroku’s PCI Level 1 Service Provider designation* helps our customers understand how Heroku’s systems and human processes work together to safeguard customer data.
Announcing General Availability of Heroku Shield Connect
Heroku Shield Connect enables high performance, fully automated, and bi-directional data synchronization between Salesforce and Heroku Postgres for companies that need to build HIPAA-compliant applications with Salesforce as the system of record for customer data.
Apache Kafka on Heroku Shield is Now Generally Available
Apache Kafka on Heroku Shield enables security-minded and health and life sciences companies to build HIPAA-compliant apps with real-time data that is sensitive, protected, regulated, and highly-personalized.
*Important note: Heroku Shield Connect and Shield Heroku Key-Value Store are currently not PCI compliant. If you require PCI compliance, please contact us and we can help you find the right solution for your needs.