🍪 Cookie Notice

We use cookies to learn how you interact with our content, and show you relevant content and ads based on your browsing history. You can adjust your settings below. Here's our policy.

Cookie settings
Skip to main content

JoyConf 2026 is back. Content Confidence. Human Connection. Save your spot!

Enterprise Evaluation Resources

Everything you can access right now to evaluate Storyblok's security, compliance, and infrastructure.

No forms. No waiting. No sales calls required — unless you want one.

Get a DemoContact Sales
Smiling woman with long hair in a cozy office setting, desktop and decor behind her, icons of a check mark and cloud in the top right corner.

Find what you need

To learn more about Storyblok's enterprise capabilities, navigate through the following chapters

  • Security & Compliance

    ISO 27001, TISAX, GDPR compliance, etc.

    View more

  • SLAs & Support

    Uptime guarantees, support commitments, and backup policies.

    View more

  • Enterprise Capabilities

    Features, guarantees and everything else you migh want to know.

    View more

  • Infrastructure

    AWS hosting, data residency, encryption, and global availability.

    View More

  • Governance & Legal

    Data protection agreements, corporate policies, and compliance frameworks.

    View more

Security & Compliance

Enterprise Protection You Can Trust

At Storyblok, security is integral to our software development. As an ISO 27001 and TISAX-certified company, we uphold strict international standards for information security and data protection, ensuring your digital presence is secure and compliant.

ISO 27001 Certified

Proven, audited, trusted.

Storyblok is certified by TÜV Rheinland for ISO 27001, meeting the highest global standards for data security and risk management across our platform, processes, and people.

Secure Development Practices

Built with security baked in.

We follow OWASP best practices, conduct peer code reviews, run automated security tests, and host regular security workshops—so everything we ship is secure by design.

GDPR Compliant

Privacy by design, compliance by default.

Storyblok is fully GDPR compliant—from data storage to processing—ensuring your customer data stays secure, private, and handled with care across every touchpoint.

DDoS Protection & Threat Detection

Defense without delay.

With AWS Shield, Web Application Firewall (WAF), and GuardDuty, we automatically detect and block malicious traffic, bots, and emerging threats—before they become a problem.

TISAX Ready

Automotive-grade assurance.

Storyblok meets the strict standards of TISAX—developed by the German automotive industry (VDA)—to support secure collaboration across global, complex supply chains.

Incident Response & Monitoring

Eyes on, 24/7.

We monitor in real time, follow defined incident response protocols, and run regular penetration tests to ensure your content is always protected—and your team always confident.
Trust Center

Your hub for the latest information about Storyblok security practices, GDPR compliance, and updates about the operational state of our services.

  • ISO 27001 & TISAX certified, and GDPR compliant.

  • Ensuring service reliability and 99.99% uptime SLA.

View Trust Center
SLAs & Support

Contractual Commitments

Storyblok's uptime guarantees are contractual commitments with financial consequences, not marketing promises.

chart-column-increasing-icon

Up to 99.99% Uptime

No interruptions, just impact.

  • Premium & Elite Plans: 99.9% uptime annual average (43.8 minutes downtime/month max)
  • SLA breach remediation: Pro-rated refund credit for next billing cycle

Access now:

sprout-icon

Data Backup & Recovery

Disaster recovery, simplified.

  • Daily automated backups to Amazon S3
  • 14-day point-in-time recovery
  • Read replica with automatic failover for database failures
  • Regular backup testing to validate recoverability

Access now:

arrow-left-right-icon

24/7 Global Support

Always-on assistance.

  • Enterprise customers get dedicated Customer Success Manager 
  • Premium and Elite plans include in-app live chat access 
  • All plans include Help Center access and active Discord community 
  • Extended Support Package available for Enterprise plans

Access now:

Infrastructure

AWS Hosting and Global Availability

Storyblok runs entirely on AWS. That means you inherit AWS's compliance posture and infrastructure reliability, plus Storyblok's application-layer security controls.

AWS Compliance (Inherited)

Best-in-class infrastructure foundation.

Storyblok's infrastructure inherits these AWS certifications: SOC 1/2/3, ISO 27001, PCI DSS Level 1, FISMA, FedRAMP, DOD CSM Levels 1-5, FIPS 140-2, and more.

Access now:

Network & Application Security

Fast. Secure. Ready for anything.

  • TLS 1.2 / TLS 1.3 for all data in transit
  • HTTPS-only connections for all API communication
  • AWS WAF protecting APIs against XSS, SQL injection, brute force attacks
  • AWS CloudWatch monitoring and automated anomaly detection

Access now:

Data Encryption

Encrypted at rest and in transit.

  • At rest: AES-256 encryption for all stored data, backups encrypted in Amazon S3
  • In transit: TLS 1.2 minimum, TLS 1.3 supported
  • No legacy encryption algorithms (3DES, MD5, SHA-1 prohibited)

Access now:

puzzle-inshape-icon

Global data centers

Operate anywhere, scale everywhere.

  • Hosting: Amazon AWS
  • Primary regions: Europe (Frankfurt, Germany), North America (US & Canada), Australia
  • Separate deployment: Mainland China (isolated infrastructure)
  • Data residency choice: Customers choose where their data is hosted

Access now:

square-check-icon

Global CDN & Performance

Content, delivered at the speed of thought.

Powered by AWS and Amazon CloudFront, Storyblok's global CDN ensures your content loads instantly—anywhere in the world.

  • Support for 70 billion API calls per month
  • Edge caching to reduce latency
  • AWS WAF protection against attacks

Access now:

Governance & Legal

Data Protection and Corporate Accountability

Storyblok's governance framework covers data protection, corporate accountability, vendor management, and business continuity.

arrow-left-right-icon

Data Processing Agreement (DPA)

Your rights, our obligations.

Full legal terms for Storyblok acting as data processor, including:

  • Standard Contractual Clauses (SCC) for EU data transfers
  • Subprocessor obligations and 30-day notification process
  • Data subject rights procedures
  • Security incident notification requirements

Access now:

globe-inshape-icon

Corporate Governance Policies

Ethical business practices.

Publicly available policies demonstrating Storyblok's commitment to ethical business practices and compliance:

Access now:

pen-line-icon

General Terms & Conditions

Platform usage, rights, and responsibilities.

Our GTC defines platform usage, rights, and responsibilities:

Access now:

Transparent Pricing

Built for any project. Discover Storyblok's transparent and flexible pricing subscriptions.

  • Fully customized consumption from spaces to users.

  • Ensuring service reliability and 99.99% uptime SLA.

Explore Pricing
Case Studies

Customer Stories

Discover how Storyblok empowers businesses to transform content into captivating digital experiences.

Visit our Case Studies hub
Education First

Explore how Education First built a global site with 9000+ pages and 54+ language variations.

Octopus Energy

See how Octopus Energy releases new websites in five minutes and reduced Engineer requests by over 65%.

Marc O'Polo

Find out how Marc O'Polo built and implemented their global eCommerce shop in just 14 days.

Ready to Move Forward?

You've reviewed our security documentation. Now let's discuss how Storyblok fits your specific enterprise requirements.

Contact Sales

Talk to our team about Premium or Elite plans, custom SLAs, and compliance questions.

Explore Trust Center

Real-time security updates, compliance status, and operational information.