ISO 27001 Certified CMS

As an ISO 27001-certified CMS, Storyblok is one of the most secure, enterprise-grade CMSs available on the market. Storyblok is meticulously tested and monitored through best-in-breed security protocols.

Trusted Infrastructure at Scale

Security team

Regular vulnerability and penetration testing by Storyblok's security team and by leading third-party security providers.

AWS environment

AWS environment safeguarded by a WAF (web application firewall), AI-based intrusion detection via AWS GuardDuty, and strong access control using certificate-based authentication.

Continuous monitoring

Continuous monitoring and automatic scaling during high demand periods ensure consistently fast response times and service availability.

Software development

Storyblok incorporates industry-leading security measures into every aspect of the software development life cycle (SDLC). This ensures that every line of code we produce follows the highest security standards from inception through to development, QA testing, and release.

  • Strict adherence to OWASP secure coding best practices and guidelines.
  • Dedicated security code reviews, continuous security training, and security testing.
  • Automated vulnerability testing, scans, anomaly detection, and automated dependency updates.

Data privacy and protection

Our data privacy and protection protocols go well beyond compliance. For us, data privacy is not just a checklist. It is one of our driving principles. Our desire to safeguard and protect this principle encompasses every aspect of our company - from software development to employee operations.

Data encryption

Data encryption (both in transit and at rest) employing key lengths and algorithms approved by industry-leading standards.

Company-wide protocols

Company-wide protocols including strict access control, centralized endpoint management, mandatory security checks, and regular security awareness training.

GDPR compliant

GDPR-compliant data storage, management, and data processing.