Security, Privacy & Compliance

We are committed to our customers’ information security, privacy and compliance needs. Aiven demonstrates this with ISO 27001 certified Information Security and ISO 27701 certified Information Privacy Management Systems. We are also ISAE 3000 (SOC2) audited. Aiven offers a more secure environment that is PCI-DSS and HIPAA compliant.


ISO/IEC 27001:2013 illustration

Compliant since: 2018

ISO/IEC 27001:2013

Certificate no. 10305 - 03

Published by the International Organization for Standardization and the International Electrotechnical Commission, ISO/IEC 27001 is the standard for Information Security Management Systems (ISMS).

ISO/IEC 27017:2015 illustration

Compliant since: 2022

ISO/IEC 27017:2015

Certificate no. 10305 - 03

As part of the ISO/IEC 27000 family, ISO/IEC 27017 is the security standard for cloud services.

ISAE 3000 (SOC 2) Type 2 illustration

Compliant since: 2019

ISAE 3000 (SOC 2) Type 2

The ISAE 3000 Type 2 report provides information and assurance on the security and reliability of Aiven's services. The document is aligned with AICPA SOC2 Trust Services Criteria.

Download our full SOC2 Type 2 report through our Whistic Profile (requires registration).

PCI DSS illustration

Compliant since: 2020


Contact sales for more information on PCI-DSS

Payment Card Industry Data Security Standard is a standard for secure handling of credit card information.

HIPAA illustration

Compliant since: 2018


Contact sales for HIPAA BAA

Health Insurance Portability and Accountability Act regulates the protection of sensitive patient health information in the US.


ISO/IEC 27018:2019 illustration

Compliant since: 2022

ISO/IEC 27018:2019

Certificate no. 10305 - 03

ISO/IEC 27018 is the standard for protection of personally identifiable information (PII) in the public clouds.

ISO/IEC 27701:2019 illustration

Compliant since: 2022

ISO/IEC 27701:2019

Certificate no. 13470-01

ISO/IEC 27701 is the standard for Privacy Information Management Systems (PIMS).

GDPR illustration

Compliant since: 2017


Contact sales for GDPR DPA

The General Data Protection Regulation regulates data protection and privacy of individuals in the EU and European Economic Area.

CCPA illustration

Compliant since: 2020


Contact sales for CCPA DPA

The California Consumer Privacy Act regulates privacy of consumers in California.

Security is everything. We know that.


Dedicated virtual machines

Some cloud vendors use multi-tenant virtual machines to reduce costs. Aiven delivers all Aiven software on dedicated virtual machines for the best security for every customer.


Encryption for Data in transit and at rest

We enforce Transport Layer Security (TLS) encryption for connections used in transferring data and encrypt it when it is on the disk.


Complete network security

All Aiven nodes are behind a firewall. You can specify the IP addresses that your users are permitted to connect from.

We offer BYOA (Bring your own account) in our cloud services.


Automated security updates

Aiven automatically installs all security updates to make sure that your software is kept current.


Annual security testing

Aiven does an annual externally conducted security evaluation for all our managed cloud services and runs a continuous public bug bounty program.

Our Internal Security Operations team also conducts periodic security assessments.


Need more details?

Get more details on security topics such as access control, encryption, network security, and others by reading our cloud security overview.

Have a question about compliance, privacy, or security?

Leave us a message and we will get back to you.