Success is built on trust

Cloudinary is committed to upholding the highest compliance standards while you create the engaging experiences that drive the visual economy.


Data privacy is priority

We are committed to providing our users control over their personal data, with full transparency into our privacy practices.

Privacy Policy

Cloudinary’s handling of personal data aligns with all applicable data privacy laws. Website visitors and registered users with a Cloudinary account can view Cloudinary’s privacy practices in the privacy policy.


Data Processing Agreement

Our DPA covers all necessary data processing commitments and practices, describes the controls and safeguards that we have put in place, and applies globally to any customer who has signed an agreement for the purchase of a subscription.



Cloudinary implements controls, measures procedures, and policies to allow its clients to process personal data in compliance with the European Union General Data Protection Regulation (GDPR) EU 2106/679.

Storage & Transfer

Cloudinary uses AWS servers located worldwide, and provides its enterprise customers with the ability to choose that their data will be stored in the EEA. Any data transfer is treated in accordance with our DPA, the New EU Standard Contractual Clauses (SCC), and the EU-U.S. Data Privacy Framework (DPF), including the UK-US extension and the Swiss-US DPF.


Cloudinary’s main sub-processes are some of the world’s most trusted companies. We conduct careful due diligence on the privacy and security practices of third parties we engage to help us provide our services. You can find our list of sub-processors.



Cloudinary invested significant efforts to provide a trusted environment for its clients to meet their obligations under US consumer privacy laws and in particular the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act (CPRA).


Security comes first

Cloudinary upholds strict international standards and adheres to applicable regulations to keep your data safe.


The Cloud Security Alliance CAIQ questionnaire offers an industry-accepted methodology to document what security controls exist in IaaS, PaaS, and SaaS services, providing security control transparency.


Cloudinary is an AWS APN Advanced Technology Partner. To receive the designation, APN Partners must possess deep AWS expertise and deliver solutions seamlessly on AWS, including passing an annual AWS Well-Architected Framework audit.


Bug Bounty Program

Cloudinary’s Bug Bounty Program enables globally crowdsourced 24/7/365 vulnerability and risk detection. As a result, systems are under constant scrutiny by dozens of security researchers, who are rewarded for responsible disclosure.


Penetration Tests

Cloudinary conducts ongoing third-party penetration tests by trusted industry experts at least annually, to expose potential vulnerabilities and risks. Once identified, these are addressed and mitigated.

Security Features

We support industry-standard controls to help protect your media. Security features include access controls, single sign-on, multi-factor authentication, and strict enforcement of access patterns. Access is granted according to the principle of least privilege and is fully monitored, end-to-end.

Business Continuity

Our internal Business Continuity & Disaster Recovery plan ensures that critical operations are always available, allowing our services to recover quickly and with minimal data loss in face of any adverse event. Cloudinary facilitates geographic isolation with regional redundant data centers.


Cloudinary products are built on best-in-class core technologies and are designed to remain operational under nearly every operational situation or circumstance.

Service Status

System availability and performance, real-time service status reports, system disruptions, and outage reports are available on our status page. Every API response includes Server-Timing headers.


System Availability

A complete record of system uptime is measured by a third-party and is published on our website. We are committed to a 99.9% uptime.


Corporate Responsibility

As a responsible corporate citizen, we are committed to upholding Environmental, Social, and Governance (ESG) principles. Our innovation and culture are guided by these principles.

Our Environment

Cloudinary is ISO 14001 certified, the international framework for environmental performance. We embrace sustainable practices in our operations, while our products assist customers in reducing their carbon imprint.

Code of Ethics

Cloudinary takes pride in insisting on honesty, quality, integrity and fairness in all aspects of our business. Our Code of Conduct & Business Ethics reflects our values and guidelines for conducting businesses ethically.



Cloudinary undergoes audits by an independent and accredited certification body which verifies it has a systematic approach to managing sensitive information. It included all aspects of the company – people, processes, and systems – by applying a risk-based approach.

SOC 2 Type II certified

The SOC reports are independent third-party examination reports, produced by Deloitte, that demonstrate how Cloudinary has achieved key compliance controls and objectives that meet the SOC 2 Trust Principles criteria for Security, Availability, Privacy, Confidentiality and the HIPAA Security Rule.