Security

We take security very seriously

As an online service provider security is our top priority. We will never sell or share your private data with any third party. We deliver services to numerous customers, including financial services providers, healthcare providers, and governmental agencies who trust us with their most sensitive data.

Security

Certified according to ISO 27001

ISO 27001 is a European standard for Information Security Management System (ISMS). The standard specifies the requirements for the establishment, implementation, maintenance and continuous improvement of a management system.

Our partners, GleSYS, are certified for ISO 27001 proving that they meet the requirements regarding confidentiality, integrity and availability, which are the cornerstones in information security. It also shows that they comply to laws and requirements, such as the Data Protection Regulation GDPR.

pdficon_small  Download GleSYS ISO/IEC 27001:2013 Certificate

ISO 27001

Nextcloud security

Nextcloud aligns with industry standards such as Clause 14 of ISO/IEC27001-2013 and related standards, guidance and security principles.

As an open source solution, Nextcloud is constantly tested and updated by a vast community of users and industry professionals who share the same goal: Total security.

Nextcloud is built around combined assurance layers consisting of rich security features, applied best practices governed by policy and the design itself validated by industry standard testing processes.

Read more about Nextloud security.

View the Core Infrastructure Initiative report for Nextcloud.

Download the VERACODE Application Security Report for Nextcloud.

Encryption

Nextcloud is designed with military-grade encryption and a large number of advanced security protections. Nextcloud uses industry-standard SSL/TLS encryption for data in transfer. Additionally, data at rest in storage can be encrypted using a default military grade AES-256 encryption with server-based or custom key management. Also optionally and on a per-folder base data can be end-to-end encrypted on the client with the server assisting in sharing and key management using a Zero-Knowledge model.
 
 

Security bug bounties

Nextcloud protects your security with a $10,000 (USD) Security Bug Bounty program. Anyone reporting a security vulnerability in Nextcloud can earn up to $10,000, making it one of the highest security bug bounties in the open source industry. More than 3,000 hackers have reported over 24,000 bugs via the program on HackerOne, which leverages the collective knowledge of a huge community of security experts.