
Security policy.


At Kontent.ai, we value your privacy above everything else. That's why we have adopted the Security Development Lifecycle (SDLC) in our Agile processes. The main motivation is to increase the security of the developed product. This usually includes reducing the number of security flaws and reducing the severity of the security flaws. Read more about SDLC for agile.

Moreover, all of our development team members must attend unique security training focused on writing secure code, doing a security code review, and performing security testing. We also regularly do code review as well as website security scans. Security review is performed:

  • manually—by our security team
  • automatically—we use a web application security scanner to ensure Kontent.ai is free of any security vulnerabilities

Both security reviews cover the most frequently occurring vulnerabilities, as defined by the OWASP Top 10. Any new vulnerability is inspected by our teams and security expert, and any threats found are fixed within a few hours/days, based on the severity.

Data storage

Kontent.ai stores the data in Microsoft Azure storage. You can choose to store your project data in a data center in Europe (the Netherlands), the United States (East Coast) or Australia (East Coast). By choosing the location of the data center, your project data and tracked visitor data are stored in the selected area. Project data represents all your content created within the Kontent.ai application. This does not include the user (meta)data required for the Kontent.ai service to work, which will always be stored in the data center located in West Europe. You can find more information about data centers here.

Kontent.ai uses a global Content Delivery Network (CDN) powered by Fastly to deliver content from your website. The CDN has edge nodes all around the world, ensuring fast content delivery no matter the destination.

All data is encrypted by default. We also back up the data on a daily basis and store the backups for 14 days.


We continuously monitor all of our services to ensure the highest availability. You can find the status information of all our services on this status page together with all information about planned maintenance. The Enterprise plan automatically comes with an SLA on service availability, and you can optionally also get an SLA on support response time.

Payment information

Kontent.ai uses FastSpring as a payment provider and we do not store any credit card information. FastSpring addresses all PCI compliance issues and securely processes sensitive data. All FastSpring stores are PCI compliant and adhere to PCI DSS regulations.

GDPR compliance

We take compliance with the European General Data Protection Regulation (GDPR) very seriously. You can find more information about Kontent.ai's commitment to GDPR compliance on this page.

SOC 2 compliance

This auditing procedure ensures that service providers that store customer data in the cloud can securely manage data and protect the privacy and interests of their customers. Kontent.ai is SOC 2 Type 2 compliant, and our reports cover the following Trust Services Criteria that are relevant to the services we provide:

  • Availability – information and systems are available for operation and use as committed or agreed
  • Security – information designated as confidential is protected against unauthorized access, both physical and logical 
  • Confidentiality – information designated as confidential is protected as committed or agreed

Completing the SOC 2 Type 2 examination demonstrates our continuous commitment to information security and protecting our customers’ sensitive data against breaches.

ISO standards

ISO recognizes organizations worldwide that successfully pass a full third-party audit. The audit determines whether or not processes, products, and services fulfill the ISO criteria.

All Kontent.ai services are hosted in the MS Azure infrastructure. Microsoft data centers comply with the following security and data privacy standards: ISO 27001, ISO 9001, ISO 20000-1 and others.

Kontent.ai security review (OWASP standards)

The security review provides an overview of the security measures taken by Kontent.ai to protect content and user data hosted on our platform from unauthorized access. Kontent.ai is regularly tested by an external independent party. If you are interested in security assessment results, feel free to contact us.

Issues reporting

We recognize how important it is to help protect your privacy and security. As a company, we have a vested interest in maintaining the trust you place in us and our products.

If you believe you’ve found a security vulnerability in Kontent.ai, we encourage you to let us know right away by emailing security@kontent.ai (optionally using our PGP key). We ask that you not publicly disclose the issue until we have had a chance to address it, and we will not pursue legal action as long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability.

Responsible disclosure is the industry best practice, and we recommend it as a procedure to anyone researching security vulnerabilities. It allows individuals to notify companies of any security threats before going public with the information. This gives software vendors such as us a chance to resolve the problem before the criminally minded become aware of it.

We will not disclose security issues until our internal investigation is finished, but we will work with you to ensure we fully understand the issue. Once the issue is resolved, we will keep you posted along with a “thank you” and credit for the discovery. We ask for your patience while we make sure all users of our products are protected.

If you have any questions regarding the security of Kontent.ai, do not hesitate to contact us.