Netlify is SOC-2 certified and have a strong focus on security. We take the uptime, resiliency and integrity of our system extremely seriously and have architected our platform with a focus on the security.
All traffic over our networks is TLS encrypted and all sensitive information like access tokens, SSH deploy keys for Git providers or HTTPS private keys are encrypted at rest.
We have extensive backups and high levels of replication for all data and uploaded files and run regular disaster recovery exercises and collaborate with 3rd party services for pen testing and security audits.
In designing our security systems and policies, we’re taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing your data as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. Netlify implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate, the pseudonymisation and encryption of personal data. We have the ability to ensure the ongoing confidentiality, integrity, availability and resilience of our processing systems and services and the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident, as well as processes for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
If you’d like to responsibly report a security issue, please contact firstname.lastname@example.org.
If you’re a Netlify customer and have any inquire about our security practices, please contact email@example.com.