Security at Contentful

ISO and SOC 2

Saying that security is important to us is an understatement — it’s a top priority at Contentful and embedded in everything we do.

We’ve built a comprehensive security program that is governed by our Information Security Management System (ISMS), which is certified against ISO/IEC 27001:2022. This internationally recognized standard ensures that we systematically assess risks, threats and vulnerabilities to information security and maintain effective controls and management processes to protect our platform and users. Certification is performed by an independent third-party auditor to ensure transparency and impartiality.

Contentful has been ISO/IEC 27001 certified since June 3, 2019. The certification is subject to annual surveillance audits and full recertification every three years.

You can download our ISO 27001 certificate here.

In addition to ISO 27001, Contentful has undergone an independent SOC 2 Type 2 attestation, which evaluates the design and operational effectiveness of our security, availability, and confidentiality controls over a defined audit period. While the full SOC 2 Type 2 report is available under NDA, customers or prospects may request access through their account contact or the Contentful support team.

Alternatively, a publicly available SOC 3 summary report will be made available shortly. Please check back soon to download the report.

Our Senior Management Team is accountable for security, ensuring the right capabilities and awareness are in place across the organization. We take a holistic and collaborative approach to maintaining the confidentiality, availability, and integrity of your data.

For more information, see our Security Addendum.

How to report vulnerabilities

Contentful engages with the community through our Responsible Disclosure Program, also known as our Bug Bounty Program. We value the important role our community plays in helping us stay secure and free of vulnerabilities.

If you’ve discovered a vulnerability, bug or something unusual, the best way to contact us is via the submission form below.

For other security issues, you can reach us by emailing support@contentful.com or by opening a support ticket. For encrypted communication, our PGP key is available on Keybase.

We kindly ask that you refrain from publicly disclosing any vulnerability or bug until we’ve had the opportunity to review and address the issue with you directly.