Vultr's commitment to you: secure, compliant cloud infrastructure
Security first
Security is at the heart of our mission. We employ best practices to ensure your cloud instances remain safe and secure.
Privacy first
Protecting your data is essential, and we take great care to safeguard it and prevent improper access.
Customer first
Being customer-first is our 'why' at Vultr. You need to safeguard your customers' data and build trust. We get that and are your partner in data privacy and security.
Vultr compliance
Vultr is dedicated to meeting the diverse global risk and compliance needs of our customers, covering areas such as server availability, security, data protection, and privacy. Our commitment to aligning to industry-wide privacy and security frameworks is demonstrated through our alignment with ISO and SOC 2 Type 2 frameworks and privacy regulations. Vultr also complies with the PCI-DSS standard as a PCI Merchant.
Vultr's cloud services are designed with compliance in mind, allowing our customers to deploy solutions tailored to their specific compliance requirements, whether it's HIPAA, ISO, PCI, SOC, or others. By aligning with the compliance frameworks of our data centers, customers can leverage a comprehensive compliance playbook to implement the necessary controls for their environment.
- SOC 2 Type 2
- PCI (Merchant)
- CSA Star Level 1
- ISO 20000
- ISO 27001
- ISO/IEC 27017:2022
- ISO 27018:2022
- FedRAMP
- PCI Service Provider
- MeiTy
As a Vultr customer, access Vultr's compliance artifacts through your my.vultr control panel. Simply select the Account menu and navigate to the Compliance tab.
Data privacy
Vultr is committed to transparent and secure handling of all personal data on our network. Since our inception, Vultr has been committed to upholding and adhering to the strictest data privacy and protection standards across the world, including HIPAA, GDPR, and DPDPA.
Vultr’s collection of personal data is limited by our privacy policy to only include the information required to provide our services and communicate with you. User content data, such as on websites or online services built on Vultr’s infrastructure, are not included in this agreement and Vultr serves solely as a data processor (service provider). Vultr does not claim any rights to, use, access, allow access to, or share your content, other than as may be required by law or for security purposes.
Additionally, Vultr’s data residency options ensure that data remains located within selected regions, and it is not processed in other locations or jurisdictions.
GDPR compliance
Vultr’s processes have gone through an extensive procedural and legal review to ensure we fully meet the requirements set forth in the EU General Data Protection Regulation (GDPR) legislation.
Under the GDPR, Vultr acts as both a data controller and a data processor. Vultr acts as a data controller for customer information that we collect to process payments and provide customer support. When a customer uses our services to process personal data, Vultr acts as a data processor. If GDPR applies to your organization and you need a DPA to satisfy GDPR requirements, Vultr will provide a DPA for signature. Please contact your account manager and/or make a request through a customer support ticket.
If you choose to retrieve or delete the data you have with Vultr, we've created a step by step document that shows you how to delete all your hosted data in our Vultr Docs section. Please review this guide: https://www.vultr.com/docs/vultr-data-portability-guide/.
Compliance with other privacy regulations
Vultr’s services are also compliant with other data privacy and protection regulations, including:
- California's Consumer Privacy Act (CCPA)
- Brazil's Lei Geral de Proteção de Dados (LGPD)
- India Data Protection and Digital Privacy Act (DPDPA)
- U.S. State level regulations in CA, CO, CT, DE, FL, IN, IA, MT, NJ, OR, TN, TX, UT, and VA
Vultr’s commitment to HIPAA compliance is delivered through Business Associate Agreements with our customers and service providers. Vultr also ensures HIPAA customers are deployed at data centers with the HiTrust certification.
Learn more
Shared responsibility model
At Vultr, we recognize that security and compliance are shared responsibilities among us, our customers, and any third-party providers involved in delivering products or services. While Vultr manages and secures the platform's control plane, networks, and cloud storage, our data centers handle physical security controls, and customers are responsible for their applications, data, middleware, operating systems, and storage.
Our rigorous risk management policy requires assessments of all third-party vendors, and our vendor management program maintains stringent policies, processes, and controls to vet all third parties involved in delivering Vultr products or marketplace services.
When customers utilize Vultr alongside products and services provided by our data centers, service providers, and vendors, they benefit from a compliance-focused solution that aligns with various frameworks and regulations, streamlining compliance efforts and alleviating the burden of implementing redundant controls.
Datacenter compliance
| Datacenter | SOC 1 Type 2 | SOC 2 Type 2 | ISO 27001 | PCI-DSS | NIST 800-53 | HITRUST | HIPAA/HiTech |
|---|---|---|---|---|---|---|---|
| Amsterdam | |||||||
| Atlanta | |||||||
| Bangalore | |||||||
| Chicago | |||||||
| Dallas | |||||||
| Delhi NCR | |||||||
| East Wenatchee | |||||||
| Frankfurt | |||||||
| Honolulu | |||||||
| Johannesburg | |||||||
| London | |||||||
| Los Angeles | |||||||
| Madrid | |||||||
| Manchester | |||||||
| Melbourne | |||||||
| Mexico City | |||||||
| Miami | |||||||
| Mumbai | |||||||
| New Jersey | |||||||
| Osaka | |||||||
| Paris | |||||||
| San Jose | |||||||
| Santiago | |||||||
| Sao Paulo | |||||||
| Seattle | |||||||
| Seoul | |||||||
| Silicon Valley | |||||||
| Singapore | |||||||
| Stockholm | |||||||
| Sydney | |||||||
| Tel Aviv | |||||||
| Tokyo | |||||||
| Toronto | |||||||
| Warsaw |
* Other compliance artifact available