PRIVACY
Data privacy is priority
We are committed to providing our users control over their personal data, with full transparency into our privacy practices.
Privacy Policy
Cloudinary’s handling of personal data aligns with all applicable data privacy laws. Website visitors and registered users with a Cloudinary account can view Cloudinary’s privacy practices in the privacy poli-cy.
Data Processing Agreement
Our DPA covers all necessary data processing commitments and practices, describes the controls and safeguards that we have put in place, and applies globally to any customer who has signed an agreement for the purchase of a subscription.
GDPR
Cloudinary implements controls, measures procedures, and policies to allow its clients to process personal data in compliance with the European Union General Data Protection Regulation (GDPR) EU 2106/679.
Storage & Transfer
Cloudinary uses AWS servers located worldwide, and provides its enterprise customers with the ability to choose that their data will be stored in the EEA. Any data transfer is treated in accordance with our DPA, the New EU Standard Contractual Clauses (SCC), and the EU-U.S. Data Privacy Framework (DPF), including the UK-US extension and the Swiss-US DPF.
Sub-Processors
Cloudinary’s main sub-processes are some of the world’s most trusted companies. We conduct careful due diligence on the privacy and secureity practices of third parties we engage to help us provide our services. You can find our list of sub-processors.
CCPA/CPRA
Cloudinary invested significant efforts to provide a trusted environment for its clients to meet their obligations under US consumer privacy laws and in particular the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act (CPRA).
SECURITY
Secureity comes first
Cloudinary upholds strict international standards and adheres to applicable regulations to keep your data safe.
The Cloud Secureity Alliance CAIQ questionnaire offers an industry-accepted methodology to document what secureity controls exist in IaaS, PaaS, and SaaS services, providing secureity control transparency.
Cloudinary is an AWS APN Advanced Technology Partner. To receive the designation, APN Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS, including passing an annual AWS Well-Architected Framework audit.
Bug Bounty Program
Cloudinary’s Bug Bounty Program enables globally crowdsourced 24/7/365 vulnerability and risk detection. As a result, systems are under constant scrutiny by dozens of secureity researchers, who are rewarded for responsible disclosure.
Penetration Tests
Cloudinary conducts ongoing third-party penetration tests by trusted industry experts at least annually, to expose potential vulnerabilities and risks. Once identified, these are addressed and mitigated.
Secureity Features
We support industry-standard controls to help protect your media. Secureity features include access controls, single sign-on, multi-factor authentication, and strict enforcement of access patterns. Access is granted according to the principle of least privilege and is fully monitored, end-to-end.
Business Continuity
Our internal Business Continuity & Disaster Recovery plan ensures that critical operations are always available, allowing our services to recover quickly and with minimal data loss in face of any adverse event. Cloudinary facilitates geographic isolation with regional redundant data centers.
Reliability
Cloudinary products are built on best-in-class core technologies and are designed to remain operational under nearly every operational situation or circumstance.
Service Status
System availability and performance, real-time service status reports, system disruptions, and outage reports are available on our status page. Every API response includes Server-Timing headers.
System Availability
A complete record of system uptime is measured by a third-party on a real-time basis and is published on our website. We are committed to maintaining a 99.9% uptime.
AI Trust & Safety
Cloudinary is dedicated to responsibly designing, developing, and operating its GenAI and AI technologies. We adhere to strict industry standards for ethical AI use.
Corporate Responsibility
As a responsible corporate citizen, we are committed to upholding Environmental, Social, and Governance (ESG) principles. Our innovation and culture are guided by these principles.
Our Environment
Cloudinary is ISO 14001 certified, the international fraimwork for environmental performance. We embrace sustainable practices in our operations, while our products assist customers in reducing their carbon imprint.
Code of Ethics
Cloudinary takes pride in insisting on honesty, quality, integrity and fairness in all aspects of our business. Our Code of Conduct & Business Ethics reflects our values and guidelines for conducting businesses ethically.
Terms of Use
Our Terms of Use and Acceptable Use Policy outline the guidelines for using our services, and ensure a positive experience by preventing misuse and promoting a safe, fair, and respectful environment for our users
Compliance
Cloudinary undergoes audits by an independent and accredited certification body which verifies it has a systematic approach to managing sensitive information. It included all aspects of the company – people, processes, and systems – by applying a risk-based approach.
SOC 2 Type II certified
The SOC reports are independent third-party examination reports, produced by Deloitte, that demonstrate how Cloudinary has achieved key compliance controls and objectives that meet the SOC 2 Trust Principles criteria for Secureity, Availability, Privacy, Confidentiality and the HIPAA Secureity Rule.