CloudConvert is committed to maintain an extensive security program. This includes both technical and organizational security measures. Learn more about our security principles and measures on this page.
CloudConvert relies on trusted cloud service providers with highest security standards, such as AWS. All our used cloud providers and data centers are ISO 27001 certified. Our cloud services are hosted in Germany.
Our software and infrastructure was designed from ground up with customer data isolation in mind. Each conversion is running in a separate, isolated container. This means that even the CloudConvert team technically cannot access your files. If we need access to your files for support purposes, we will ask you to send them over manually.
Files are only kept for the time of processing and deleted immediately afterwards. CloudConvert intentionally does not provide any permanent storage. Instead, it integrates with your existing and trusted storage system, such as Amazon S3 or many other services.
CloudConvert automatically scales with increasing load. By strictly separating available resources we make sure load peaks of one customer cannot affect other customers.
All transfers from and to CloudConvert are SSL encrypted. We ensure the use of up-to-date ciphers. The network is actively monitored and protected by firewalls from our cloud provider.
Access to the CloudConvert webinterface is governed by 2 factor authentication and access rights. Any access is logged and can be reviewed by the customer through detailed activity logs. API authentication relies on the OAuth 2.0 standard and can be restricted by fine granular access scopes.
The CloudConvert staff is trained in order to properly handle your data. We do follow documented processes in regards to Vulnerability Management, Incident Management and Human Resources Security. We do regular security trainings to strength the understanding of the security processes.
Our team follows industry best practices to build and maintain secure code and infrastructure. This includes regular code reviews and vulnerability testing. Our software, infrastructure and security measures are constantly adjusted to technical progress.
Our infrastructure is set up in a fully redundant way and distributed across multiple availability zones. Since 2012 we have gained a lot of experience on how to offer a reliable service, even in the case of load peaks or datacenter downtimes.
If you have any further questions or concerns about our security statement, please do not hesitate to contact us.