Security at Crowdin

At Crowdin, we’re committed to following industry standards for security, safety, and privacy.

Security standards

ISO/IEC 27001 zertifiziert

ISO/IEC 27001 zertifiziert

Einhaltung der EU-Datenschutzgrundverordnung (GDPR)

Einhaltung der EU-Datenschutzgrundverordnung (GDPR)

HIPAA-konform

HIPAA-konform

Kunden, die dem HIPAA unterliegen und Crowdin im Zusammenhang mit geschützten Gesundheitsinformationen (Protected Health Information, PHI) nutzen möchten, müssen Crowdins Business Associate Agreement unterzeichnen.

Our policies

Geschäftsbedingungen Datenschutzerklärung Information Security Policy Vulnerability Reporting Policy
GDPR Compliance Cookie Statement HIPAA Disclaimer

Internal Security Measures

Organizational Security

Crowdin Information Security Policy requirements apply to the entire Crowdin organization and are mandatory for all employees and those involved in these business processes. ISMS is built on three pillars: people, processes, and technology. A dedicated Chief Information Security Officer (CISO) is responsible for ensuring the proper protection of information assets and technologies.

Security Training and Awareness

Bei Crowdin absolvieren alle Mitarbeiter das ganze Jahr über Sicherheits- und Sensibilisierungsschulungen. Jedes neue Teammitglied absolviert innerhalb des ersten Monats nach seiner Einstellung eine grundlegende Sicherheitsschulung. Wir führen regelmäßig Zugangsprüfungen und Passwortaktualisierungen durch und arbeiten nach dem Prinzip der geringsten Privilegien. Rollenspezifische Sicherheitsschulungen sind ebenfalls erforderlich.

Hardware Security

All employee laptops have encrypted hard drives. Only the appointed system administrator only conducts hardware and software installation, configuration, or alteration. Delivery, removal of equipment to/from the data center facility is authorized, logged, and monitored. User-specific access credentials (e.g., user ID/password pair, etc.) are required to access workstation equipment, services, and applications.

Physical Security

Crowdin’s office is monitored and protected by an alarm system and equipped with fire alarm systems. Closed-circuit (CCTV) cameras are installed across the office and capture entrances, exits, and other designated areas. Crowdin employees do not have physical access to any of our production facilities, as our whole infrastructure is in the cloud. Secure areas are protected with entry controls, so only authorized personnel is allowed access.

Network Security

Our internal network is restricted, segmented, password-protected, and all network security-related events are logged.

Software Security

Crowdin employs a team of 24/7/365 server specialists to keep our software and its dependencies up to date, removing potential security vulnerabilities. We use monitoring solutions to prevent and eliminate site attacks.

Incident Response

Crowdin implements a protocol for handling security events which includes escalation procedures, rapid mitigation and post mortem. All employees are informed of our policies.

Employee Vetting

Crowdin performs background checks on all new employees, contractors, or other individuals who have access to systems or the network or physical data center facilities in accordance with local laws.

Third-Party & Supplier Security

Crowdin maintains vendor risk management practices to ensure third parties are scrutinized and maintain expected levels of security controls. View our List of Sub-processors.

Application Security

Secure, reliable infrastructure

Crowdin uses Amazon Web Services (AWS) data centers for our computing infrastructure. AWS has ISO 27001 certification and has completed multiple SSAE 16 audits. For more information on their security measures, visit AWS Cloud Security page.

In addition to the benefits provided by AWS, our application has additional built-in security features:

  • Zwei-Faktor-Authentifizierung
  • Single Sign-On via SAML 2.0
  • REST API Authentication (API Key)
  • Rollenbasierte Berechtigungen
  • Backups and versioning
  • Crowdin enforces a password complexity standard

PCI Obligations

When you sign up for a Crowdin’s paid account, we do not store any of your billing information on our servers. All payments made to Crowdin go through our partner, FastSpring. They are compliant with PCI Security Standard. More details about their security setup can be found on Stripe’s Risk Management + Compliance page.

Verfügbarkeit

Check our past month stats at https://status.crowdin.com/. You can request an SLA agreement as a separate service, for this contact us at onboarding@crowdin.com

Access to Data

Access to customer data is limited to authorized employees who require it for their job. An example of this is our Support team. The support team representatives may only have access to the files or settings needed to solve issues submitted by customers.

Business Continuity & Disaster Recovery

We have developed, regularly test and update both a Disaster Recovery Plan and a Business Continuity Plan.

Penetration Testing

Crowdin annually conducts penetration testing by an independent, third-party security audit agency. No customer data is exposed to the agency through pentesting. A summary of penetration test findings is available to enterprise customers upon request.

Kontakt

If you have any questions about security at Crowdin or would like to submit a vulnerability report, please, contact us at support@crowdin.com.

We will work with you to assess the issue and fully address any concerns. Emails about security issues are treated with the highest priority. Safety and security of our service are our top priorities.