Security Addendum


Last Updated: July 7, 2023

Contentstack takes information security seriously. This security overview applies to Contentstack’s corporate controls for safeguarding personal data/personal information ("Personal Data") which is processed by us and transferred amongst Contentstack group companies.

1. Objectives and Exceptions

Contentstack has implemented a security policy aligned with an industry standard or standards (such as ISO27001 or SOC2) that is designed to take reasonable steps to protect:

(a) the confidentiality, integrity, and availability of Personal Data that Contentstack processes; and

(b) against accidental, unauthorized, or unlawful access, copying, use, processing, disclosure, alteration, transfer, loss, or destruction of Personal Data.

 

This security addendum pertains only to those components and areas over which Contentstack has control and is responsible. It does not apply to any changes, modifications, configurations, or other actions taken by Customers or Customer's clients with respect to other aspects of the Customers' solution.

 

2. Security Measures - Overview

Contentstack has reasonable and appropriate security measures and procedures to manage and control identified security risks commensurate with Contentstack's legal and contractual obligations. Such security measures and procedures include physical, technical, and organizational safeguards that are:

(a) appropriate in consideration of the sensitivity of the Personal Data involved and the significance of Contentstack processing to the protection of an individual’s rights with regard to their Personal Data; and

(b) no less rigorous than (i) those maintained by Contentstack's own systems and information of a similar nature and (ii) accepted industry standards for ensuring the confidentiality, integrity, and availability of Personal Data.

 

Further information on Contentstack security measures is set out in the sections below.

 

3. Physical Security Measures

(i) Physical Security and Access Control – Contentstack's security measures and procedures ensure that all systems hosting Personal Data are maintained in a physically secure environment that:

  • ensures barriers to unauthorized access and that access restrictions at physical locations containing Personal Data (such as buildings, computer facilities, and records storage facilities) are designed and implemented to permit access only to authorized individuals;
  • detects any unauthorized access that may occur, including 24 x 7 security personnel at all relevant locations;
  • has provisions or redundancy to protect against fire and natural disasters; and
  • provides redundant power, network, and cooling systems.

(ii) Physical Security for Media – Contentstack's security measures and procedures are designed to protect and prevent the unauthorized viewing, copying, alteration, or removal of any media containing Personal Data.

(iii) Media Destruction – Contentstack's security measures and procedures are designed to destroy removable media containing Personal Data that is no longer used, or alternatively to render Personal Data on such removable media unintelligible and not capable of reconstruction by any technical means before reuse of such removable media is allowed.

 

4. Technical Security Measures

(i) Customer Controls. In the event Customer implements Single Sign-On capability, certain access controls on hosted Customer systems, such as User password length and character requirements, limits on lockout, and password reuse, are under the exclusive control and responsibility of the Customer.

(ii) Access Controls on Information Systems. Contentstack's security measures and procedures are intended to allow access to all systems hosting Personal Data to be protected through the use of access control systems that uniquely identify each member of Contentstack's staff requiring access, grant access only to authorized persons and are based on the principle of least privileges, prevent unauthorized persons from gaining access to Personal Data, appropriately limit and control the scope of access granted to any authorized person, and log all relevant access events. These security measures and procedures may include Contentstack implementing and maintaining:

 

  • Access Rights Policies – Contentstack's policies and procedures regarding the granting of access rights to Personal Data are designed to ensure that only authorized and trained members of Contentstack's staff have access. Contentstack has an accurate and up-to-date list of all staff who have access to the Personal Data, and Contentstack has the ability to promptly disable access by staff upon the termination of their employment with us.
  • Authorization Procedures for Persons Entitled to Access – Contentstack's security measures and procedures establish and configure authorization profiles in order to ensure that members of Contentstack's staff only have access to Personal Data and resources that they need to know to perform their duties and that they are only able to access Personal Data within the scope and to the extent covered by their access permission. The access will be allocated on the basis of segregation of duties, least privilege, and on a role basis.
  • Authentication Credentials and Procedures – Contentstack's security measures and procedures for authentication of authorized members of Contentstack staff include:
    • systems transmitting and storing Personal Data are designed to prevent access by unauthorized users;
    • when privileged access (e.g., root or superuser level access) is granted to systems that handle Personal Data, such access is logged; and
    • laptop encryption for all Contentstack staff who access Personal Data.
  • Access Control from outside the Secured Area – Contentstack's security measures and procedures are designed to prevent Contentstack's information systems or Personal Data from being accessed by unauthorized persons from outside the secure area.
  • Access Monitoring – Contentstack's security measures and procedures monitor access to Contentstack's information systems and Personal Data, and maintain records of system or applicable access attempts (both successful and failed).
  • Intrusion Detection – Contentstack's security measures and procedures are designed (i) to ensure that Personal Data and Contentstack's assets and/or information systems are protected against the risk of intrusion by an intrusion detection system (IDS) and (ii) to monitor each and every instance of access to Personal Data and/or Contentstack's assets and information systems to detect the same and to respond to the same promptly.
  • Network Security – Contentstack's security measures and procedures are designed to ensure that Contentstack's network is protected from external and internal threats using tools and infrastructure such as firewalls, ACLs, IDS/IPS, and other controls as reasonably necessary. Contentstack's network is scanned for vulnerabilities, and penetration testing is performed at least once a year. Event logging is in place to ensure that intrusion attempts into the Contentstack network are logged.
  • Mobile Technology Security - Contentstack's security measures and procedures are designed to ensure that any mobile or portal system and/or storage device that processes Personal Data has software that will encrypt Personal Data when the device is outside of the designated data processing facility and/or during transport. The encryption software used meets the requirements of generally available commercial software designed to provide disc/media encryption.

(iii) Data Management Controls

  • Data Monitoring Tools – this tool contains technical functionality that permits Customers to determine access rights. Customers are responsible for reviewing and monitoring Personal Data to ensure compliance with their legal and contractual obligations (including under their agreement with us).
  • Data Destruction – Contentstack's security measures and procedures are designed to destroy Personal Data when appropriate and in accordance with Contentstack's legal and contractual obligations.
  • Data Availability Control – Contentstack's security measures and procedures are designed to ensure data availability, including procedures to ensure that Personal Data is protected from accidental destruction or loss and against data loss caused by a power shortage or interruptions in the power supply.
  • Software Patching – Contentstack's security measures and procedures are designed to ensure the updating and patching of all computer software and network device software to eliminate vulnerabilities and remove flaws that could otherwise facilitate security breaches.
  • Infrastructure Management - Contentstack's security measures and procedures are designed to demonstrate infrastructure management with a change control process, including risk assessment based on industry standards, testing, and implementation of applicable security procedures as are present in this Data Management Controls section with respect to infrastructure under Contentstack control and responsibility.
  • Backup, Retention, and Recovery – Contentstack's backup and recovery security measures and procedures are designed to ensure data availability in the event of loss of Personal Data or Contentstack information systems from any cause. All Personal Data is encrypted when stored and backed up.
  • Hardening - Contentstack's security measures and procedures are designed to ensure that all servers, network devices, and systems are hardened to ensure that default accounts are disabled and unused services are stopped.
  • Application Security - Contentstack's security measures and procedures are designed to ensure that the Contentstack application is reviewed regularly. Access to the Contentstack application may be accomplished through a 128-bit SSL channel. Contentstack's code audits will occur at least once per year based on applicable industry standards.

5. Organizational Security Measures

(i) Responsibility – Contentstack's security measures and procedures are designed to ensure that responsibility for information security management is assigned to appropriately skilled and senior staff. As permitted by applicable law, background checks are carried out on all Contentstack employees with access to Personal Data.

(ii) Qualification of Employees – Contentstack's security measures and procedures are designed to ensure the reliability, technical expertise, and personal integrity of all Contentstack staff with access to Contentstack information systems and/or Personal Data.

(iii) Obligations of Contentstack Employees – Contentstack security measures and procedures are designed to verify that any employee, agent, or contractor accessing the Personal Data knows his obligations and the consequences of any security breach.

6. Training and Education

Contentstack's training and education program is designed to ensure that Contentstack's staff are trained in and adequately aware of their responsibilities under this security addendum.

7. Incident Management/Escalation

Contentstack has an incident response plan for dealing with any security incidents, including escalation paths to senior management based on the incident classification or severity, incident contact lists, initial responses, investigation log, system recovery, issue and eradication, reporting, review and follow up procedures with appropriate reports to regulatory and law enforcement agencies.

8. Customer

The customer acknowledges that the measures set out in this security addendum are subject to technical progress and development and that Contentstack may update or modify such from time to time provided that such updates and modifications do not result in a material decrease of the overall security of the Services during a Subscription Term.

 


Copyright © 2023 Contentstack Inc. All rights reserved.
