Notice something different? Get the story behind our exciting new brand
Contentstack

System performance and security

We are committed to transparency, building your trust, and protecting your data
logo
We take data security very seriously. We provide a multi-step, multi-level security system with complete transparency, so you not only feel safe, you can see how secure your data is, anytime.
customer profile picture
Nishant Patel
CTO, Contentstack

System status

Get real-time and historical status on availability and performance of Contentstack services and systems

verified_user

Network security

Deliver seamlessly integrated omnichannel experiences

verified_user

Virtual private cloud

Deliver seamlessly integrated omnichannel experiences

verified_user

Data encryption

Deliver seamlessly integrated omnichannel experiences

verified_user

Log data retention

Contentstack offers flexible – yet secure – log data retention policies.

verified_user

Two-factor authentication

Contentstack allows you to add an additional layer of security to enable secure access to your account and ensure the safety of your data. Read our blog to learn more about how to use this.

verified_user

Password protection

All user passwords are hashed.

Multiple data centers

Contentstack is a multi-cloud solution designed in a cloud-agnostic architecture. It is the only CMS vendor with three separate instances of its headless CMS, including app hosting, API endpoints, and database. Customers can choose between Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform (GCP) as the underlying cloud infrastructure provider for Contentstack. No data is shared between our North American and European instances.

Compliance

Contentstack meets the stringent requirements of the following industry standards and certifications.

ISO.svg

ISO 27001:2013 Certified

Contentstack is ISO 27001 certified. ISO 27001 is a specification for an information security management system (ISMS) framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization's information risk management processes.

SOC2.svg

SOC 2 Type II

Contentstack complies with Service Organization Controls’ standards for operational security. We are constantly engaged with an independent, third-party auditing firm for regular SOC 2 audits, and the reports cover controls around the security, availability, confidentiality and privacy of customer data. You can contact us to get a copy of our most recent SOC 2 audit.

VAPT.svg

Vulnerability Assessment and Penetration Testing (VAPT)

Contentstack performs these two types of vulnerability testing to ensure that all systems are secure and protected against hacking attacks. A third-party auditing firm audits our VAPT twice a year, which ensures that any vulnerabilities are mitigated.

GDPR

We have a privacy policy that gives our users information as to what data we collect, how we use it, and choices regarding their data subject rights. We also work with our subprocessors to ensure that they comply with GDPR where applicable.

We work with our customers to put in place a Data Protection Addendum or other arrangements where applicable data is processed to make sure that we work with our clients to limit our use of and protect their data in compliance with GDPR.

We also have conducted a Data Transfer Risk Assessment to enable data exporters to determine if the mechanism they intend to use for an international data transfer (i.e. data transfer to a third country) provides an adequate level of protection in the circumstances of that transfer based on the nature of both the personal data transfer and the destination country.