"We take data security very seriously. We provide a multi-step, multi-level security system with complete transparency so you not only feel safe, you can see how safe your data is, anytime."
Matthew Baier, COO at Contentstack

System Status

Get real-time and historical status on availability and performance of Contentstack services and systems.




Network security

Transfer of data between your browser and the Contentstack website is secured via the HTTPS protocol. We have configured firewall security rules to isolate and secure application infrastructure. These security controls include enterprise-grade routing and network access control lists. Moreover, our network and systems are constantly scanned to check for vulnerabilities.


Virtual private cloud

Data held on our servers are secure and not open to the public. Our product infrastructure, housed by AWS, has high levels of physical and network security, which safeguard content and user data to help protect customer privacy. Our architecture is designed for maximum reliability and uptime and offers defined Service Level Agreements (SLAs) for its services.


Data encryption

To ensure security and confidentiality, data in transit, data at rest, and data backups are encrypted with the industry-standard AES-256 algorithm. Our Content Delivery API uses a CDN for faster and more secure delivery of content.


Log data retention

Contentstack offers flexible, yet secure, log data retention policies. These policies control how logs may be used and incorporate appropriate measures to protect against data misuse.


Two-factor authentication

Contentstack allows you to add an extra layer of security to enable secure access to your account and ensure the safety of your data. Read our blog to learn more about how to use this.


Password protection

All user passwords are hashed.



Contentstack meets the stringent requirements of the following industry standards and certifications.



Contentstack complies with Service Organization Controls’ standards for operational security. We are constantly engaged with an independent, third-party auditing firm for regular SOC 2 audits, and the reports cover controls around the availability, security, and confidentiality of customer data. You can contact us to get a copy of our most recent SOC 2 audit.


Vulnerability Assessment and Penetration Testing (VAPT)

Contentstack performs these two types of vulnerability testing to ensure that all systems are secure and protected against hacking attacks. A third-party auditing firm audits our VAPT twice a year, which ensures that any vulnerabilities are mitigated.



As per the General Data Protection Regulation (GDPR) that came into effect on May 25, 2018, organizations established in the European Union and organizations that collect, process, and analyze personal data tied to EU-based individuals are required to comply with the rules laid down by the GDPR. We are fully GDPR compliant and are further committed to helping our customers in their efforts to comply with the GDPR.