Security Overview

CloudConvert is committed to maintain an extensive security program. This includes both technical and organizational security measures. Learn more about our security principles and measures on this page.

Certified Datacenters

CloudConvert relies on trusted cloud service providers with highest security standards, such as AWS. All our used cloud providers and data centers are ISO 27001 certified. Our cloud services are hosted in Germany.

Data Isolation

Our software and infrastructure was designed from ground up with customer data isolation in mind. Each conversion is running in a separate, isolated container. This means that even the CloudConvert team technically cannot access your files. If we need access to your files for support purposes, we will ask you to send them over manually.

Storage Security

Files are only kept for the time of processing and deleted immediately afterwards. CloudConvert intentionally does not provide any permanent storage. Instead, it integrates with your existing and trusted storage system, such as Amazon S3 or many other services.


CloudConvert automatically scales with increasing load. By strictly separating available resources we make sure load peaks of one customer cannot affect other customers.

Network Security

All transfers from and to CloudConvert are SSL encrypted. We ensure the use of up-to-date ciphers. The network is actively monitored and protected by firewalls from our cloud provider.

Access Control

Access to the CloudConvert webinterface is governed by 2 factor authentication and access rights. Any access is logged and can be reviewed by the customer through detailed activity logs. API authentication relies on the OAuth 2.0 standard and can be restricted by fine granular access scopes.

Organizational Principles

The CloudConvert staff is trained in order to properly handle your data. We do follow documented processes in regards to Vulnerability Management, Incident Management and Human Resources Security. We do regular security trainings to strength the understanding of the security processes.

Development Principles

Our team follows industry best practices to build and maintain secure code and infrastructure. This includes regular code reviews and vulnerability testing. Our software, infrastructure and security measures are constantly adjusted to technical progress.

Availability & Fault Tolerance

Our infrastructure is set up in a fully redundant way and distributed across multiple availability zones. Since 2012 we have gained a lot of experience on how to offer a reliable service, even in the case of load peaks or datacenter downtimes.

Privacy & GDPR Compliance

As a German company, we are bound to the strict European data protection laws. We are committed to comply with the General Data Protection Regulation (GDPR). It is possible to sign a data processing agreement (DPA) with us. Therefore, please contact us. Read more about our privacy principles and the GDPR in our privacy policy.

If you have any further questions or concerns about our security statement, please do not hesitate to contact us.