Security and Compliance

CloudConvert is committed to maintaining an extensive security program that includes both technical and organizational security measures. CloudConvert is ISO 27001 certified and has developed an ISMS to fully support the Trust Service Principles (TSP) of security, availability, processing integrity, confidentiality and privacy. Learn more about our security principles and measures below.

ISO 27001

CloudConvert has received ISO 27001 certification from TÜV Süd, highlighting our strong commitment to data security and secure management principles. This certification means we follow top-notch international standards for keeping your data safe and secure.

Certified Data Centers

CloudConvert relies on trusted cloud service providers with the highest security standards, such as AWS. All our cloud providers and data centers are ISO 27001 certified. Our cloud services are hosted exclusively in the selected geographical processing region.

Data Isolation

Our software and infrastructure were designed from the ground up with customer data isolation in mind. Each conversion runs in a separate, isolated container. This means that even the CloudConvert team technically can’t access your files. If we need access to your files for support purposes, we’ll ask you to send them over manually.

Storage Security

Files are kept only for processing and deleted immediately afterwards. CloudConvert intentionally does not provide any permanent storage. Instead, we integrate with your existing, trusted storage system, such as Amazon S3 or many other services.


CloudConvert automatically scales with increasing load. By strictly separating available resources, we make sure the load peaks of one customer don’t affect other customers.

Network Security

All transfers from and to CloudConvert are SSL encrypted. We ensure the use of up-to-date ciphers. The network is actively monitored and protected by firewalls from our cloud provider.

Access Control

Access to the CloudConvert web interface is governed by two-factor authentication and access rights. All access is logged and can be reviewed by the customer through detailed activity logs. API authentication relies on the OAuth 2.0 standard and can be restricted by fine-grained access scopes.

Organizational Principles

The CloudConvert staff is trained to expertly handle your data. We follow documented processes regarding Vulnerability Management, Incident Management, and Human Resources Security. We hold regular security training sessions to strengthen our understanding of the security processes.

Development Principles

Our team follows industry best practices to build and maintain secure code and infrastructure including regular code reviews and vulnerability testing. Our software, infrastructure, and security measures are constantly adjusted to technical progress.

Availability & Fault Tolerance

Our infrastructure is set up in a fully redundant way and distributed across multiple availability zones. Since our founding in 2012, we’ve learned how to offer a reliable service, even in the case of load peaks or data center downtimes.

Privacy & GDPR Compliance

As a German company, we’re bound by strict European data protection laws, and we’re committed to complying with the General Data Protection Regulation (GDPR). If you’d like to sign a data processing agreement (DPA) with us, please contact us. Read more about our privacy principles and the GDPR in our Privacy Policy.

If you have any further questions or concerns about our security statement, please do not hesitate to contact us.