CloudConvert is committed to maintaining an extensive security program that includes both technical and organizational security measures. CloudConvert has not undertaken the SOC 2 or ISO 27001 accreditation, though we fully support the Trust Service Principles (TSP) of security, availability, processing integrity, confidentiality and privacy. Learn more about our security principles and measures below.
CloudConvert relies on trusted cloud service providers with the highest security standards such as AWS. All our cloud providers and data centers are ISO 27001 certified. Our cloud services are hosted in Germany.
Our software and infrastructure were designed from the ground up with customer data isolation in mind. Each conversion runs in a separate, isolated container. This means that even the CloudConvert team technically can’t access your files. If we need access to your files for support purposes, we’ll ask you to send them over manually.
Files are kept only for processing and deleted immediately afterwards. CloudConvert intentionally does not provide any permanent storage. Instead, we are integrated with your existing and trusted storage system such as Amazon S3 or many other services.
CloudConvert automatically scales with increasing load. By strictly separating available resources, we make sure the load peaks of one customer don’t affect other customers.
All transfers from and to CloudConvert are SSL encrypted. We ensure the use of up-to-date ciphers. The network is actively monitored and protected by firewalls from our cloud provider.
Access to the CloudConvert web interface is governed by two-factor authentication and access rights. All access is logged and can be reviewed by the customer through detailed activity logs. API authentication relies on the OAuth 2.0 standard and can be restricted by fine granular access scopes.
The CloudConvert staff is trained to expertly handle your data. We follow documented processes regarding Vulnerability Management, Incident Management, and Human Resources Security. We do regular security trainings to strengthen our understanding of the security processes.
Our team follows industry best practices to build and maintain secure code and infrastructure including regular code reviews and vulnerability testing. Our software, infrastructure, and security measures are constantly adjusted to technical progress.
Our infrastructure is set up in a fully redundant way and distributed across multiple availability zones. Since our founding in 2012, we’ve learned how to offer a reliable service, even in the case of load peaks or data center downtimes.
If you have any further questions or concerns about our security statement, please do not hesitate to contact us.