Secure coding principles are followed throughout the development lifecycle.

Continuous scanning, automated dependency updates, and proactive patching of security risks.

Regular internal and third-party security testing to identify and remediate vulnerabilities before they become threats.

Every code change undergoes a rigorous review process to maintain security integrity.

Security tests are integrated into the CI/CD pipeline to detect issues early.

TLS 1.3 secures all data transfers, preventing interception.

AES-256 encryption protects stored data against unauthorized access.

Strict cryptographic policies ensure safe key storage and rotation.

Deprecated methods like 3DES, MD5, and SHA-1 are strictly prohibited, eliminating security risks.

Every new feature undergoes a rigorous security review.

Built into development to proactively identify risks.

Continuously detect vulnerabilities in dependencies and code.

Ongoing developer training on secure coding best practices.

Fine-grained permission management for efficiently overseeing large teams.

Mandatory for all privileged accounts.

Secure access to production environments.

Access is granted only when needed and revoked instantly when it's not.

Ensures security vulnerabilities are resolved promptly.

Any third-party library used in the platform undergoes security evaluations.

Regular assessments to ensure suppliers comply with industry-standard security practices.

Enterprise customers get live chat, expert escalation paths, and a dedicated CSM.

Detects and prevents issues before they impact you.

Critical issue responses are as little as 2 hours for enterprise plans.

Faster page loads, anywhere in the world.

Shields against attacks to keep services running.

Reduces server load and boosts performance.

Detects bottlenecks and optimizes response times.

Identifies threats before they become issues.

Enhanced visibility into security events to support compliance with applicable laws and security standards.

Instantly notifies key executives and security teams at Storyblok.

Regular testing guarantees swift, effective incident response.

Prevents data loss and keeps operations running smoothly.

Instantly adapts to traffic spikes for uninterrupted service.

Distributes traffic efficiently for peak performance.

Redundant infrastructure ensures reliability.

Prioritized response based on predefined severity levels and agreements.

A dedicated team ready to act on high-priority threats.

Post-incident reviews to prevent repeat issues.

GDPR-compliant and meets EU data protection laws.

Supported by AWS data centers in North America (US & Canada), Europe (Germany), and Australia.

Industry-leading compliance standards for data protection.

Data center access is tightly controlled and restricted to authorized personnel.

Customer-managed and securely stored in Amazon S3 for reliable recovery.

In case of a database failure in the main region, a hot-standby replica is available to take over the service immediately.

Restore data to any point in time within the last 14 days.

Validates recoverability for peace of mind.

Resilient operations supported by tested business continuity and disaster recovery plans, with infrastructure redundancy and rapid recovery protocols designed to minimize disruption.

Adheres to ISO 27001, TISAX and industry standards for data security and compliance.

Proactively identifies, assesses, and mitigates security risks to safeguard data and operations.

Compliant with the applicable security and cybersecurity laws, ensuring rapid detection, response, and resolution of security incidents.

By following our Code of Conduct, Anti-Bribery Policy, and Whistleblowing Policy, we all contribute to a culture of accountability and transparency at Storyblok. All stakeholders have to adhere to our Code of Conduct and applicable laws.

Storyblok supports responsible partnerships with like-minded vendors who adhere to applicable laws, fair labor practices, and ethical business standards.

Storyblok complies with all applicable health and safety regulations for remote work.

Storyblok is a remote-first international company committed to fostering an inclusive and diverse workplace. Every person’s unique perspective enhances our creativity and understanding. We work together to build a culture where everyone feels valued and empowered to succeed.

We provide regular training in information security, compliance, and professional development to help our team stay expert in their fields and ensure reliable, trusted service.

Storyblok has zero tolerance for forced labor and is committed to ethical labor practices. We ensure fair wages, reasonable working hours, equal opportunities, and a safe working environment for all team members, in accordance with applicable labor laws and International Labour Organization (ILO) standards.

Our GTC defines platform usage, rights, and responsibilities. The applicable GTC for enterprise customers in the Americas region and the GTC for global self-service customers & enterprise customers in all other regions are available online.

Storyblok is fully compliant with GDPR and other applicable privacy laws. We are also self-certified under the EU-U.S. Data Privacy Framework.