💡 Web projects can be hard. Our solutions specialists can help!

We're committed to your security

At CloudCannon, security is important to us. We are always looking for ways to improve our product and a big part of that is security. This includes our product, our services, and the way our people conduct themselves.

SOC2 badge

CloudCannon has achieved SOC 2 Type 2 certification, signifying our ongoing commitment to enhancing data security, and ensuring the protection of your valuable information. This certification helps to verify that our security controls, policies, and procedures are designed and implemented effectively.

Here's why CloudCannon's SOC 2 Type 2 certification matters:

Enhanced Data Security

Your data security is our top priority. Achieving SOC 2 Type 2 certification demonstrates that CloudCannon has invested in robust security measures to safeguard your data from threats and breaches.

Compliance and Responsibility

Achieving SOC 2 Type 2 certification reflects our dedication to complying with industry regulations and standards, especially in industries where data security is paramount.

Risk Mitigation

Through rigorous assessment and auditing, we have identified and addressed potential security risks. This proactive approach minimizes vulnerabilities, making our platform even more secure for you.

Trust and Transparency

We value your trust. SOC 2 Type 2 certification helps to show our dedication to transparency — and to show that we’ve earned the trust you place in us.

CloudCannon's SOC 2 Type 2 certification is a significant step in our ongoing commitment to securing your data. It assures you that your data is in safe hands, protected by a CMS provider that takes security seriously.

Security details


CloudCannon has SOC 2 Type 2 compliance.

For payments we use Stripe, which is a certified Level 1 Service Provider. CloudCannon does not store any raw payment details.


CloudCannon works hard to ensure the app is GDPR compliant. For a list of subprocessors you can review our GDPR policy. Once an account, site, or project is removed, all associated data are immediately removed.


Your privacy is critically important to us. At CloudCannon we have a few fundamental principles:

  • We don’t ask you for personal information unless we truly need it.

  • We don’t share your personal information with anyone except to comply with the law, develop our products, or protect our rights.

  • We don’t store personal information on our servers unless required for the on-going operation of one of our services.

Read more in our privacy policy and if you have any concerns, please share them with us.

Technical and organizational measures

CloudCannon implements several measures to maintain high standards of security, availability and confidentiality. Those measures include but are not limited to:

  • Use of leading cloud-infrastructure partners AWS and Cloudflare services that comply with security policies and frameworks.

  • DDoS protection tools.

  • Encryption: all network traffic is encrypted using TLS and all the data is encrypted at rest.

  • Continuous automated vulnerability scans with remediation timeframes.

  • External penetration testing.

  • Implemented intrusion prevention and anomalous and suspicious activity detection systems.

  • Maintained and periodically tested disaster recovery and business continuity plans.

  • Complete development, testing and production environment separation.

  • Applied secure lifecycle development and secure engineering practices.

External pen testing and responsible disclosure policy

CloudCannon hires a 3rd party to run penetration tests at least annually. We use scanning tools to monitor and detect vulnerabilities. We also run a Bug Bounty Program; activity and submissions should follow the stipulated guidelines.


If you need anything else, please contact support@cloudcannon.com.