We take security seriously at Webflow. As a trusted Software as a Service (SaaS) provider for website building and hosting, we continuously aim to not just meet but also exceed industry standards and customer expectations for security controls. That’s why organizations of all sizes rely on Webflow’s enterprise-grade security features. And today, we’re excited to announce that Webflow is now compliant with the SOC 2 Type II standard for security, availability, and confidentiality. 

Webflow’s SOC 2 Type II report

SOC 2 is an auditing measure developed by the American Institute of CPAs (AICPA) that ensures service providers securely manage user data. A little over a year ago, we shared our SOC 2 Type I report, which describes the systems we use to process data and the suitability of those internal controls. 

Now, we’re continuing our longstanding commitment to security with the addition of our SOC 2 Type II report, an internal controls report capturing how our company safeguards customer data worldwide and how well those controls are operating.

An independent auditor, KirkpatrickPrice, conducted an audit of our servers and systems, including Webflow Design and Content Management Service, verifying that our information security practices, policies, procedures, and operations meet the rigorous SOC 2 standards. Additionally, this audit confirmed that our platform is protected against unauthorized physical and logical access.

The components of SOC 2 compliance

Companies that use cloud service providers turn to SOC 2 to assess and provide information regarding the risks associated with third-party technology services. While the Type 1 report describes a service provider’s systems and whether the system is suitably designed to meet relevant trust principles, the Type 2 report details the operational effectiveness of those systems. This includes a historical element that shows how controls were managed by a business over a period of time. It also looks at how effectively our internal controls and processes operate over a longer period of time.

A sample of some controls covered in our SOC 2 Type II include:

• Logical Access Controls
• Application Development Controls
• System Monitoring Controls
• Data Security Controls

What’s next for compliance at Webflow

Part of our ongoing dedication to data security, availability, and confidentiality is our commitment to consistently and critically reviewing how we collect, manage, and secure customer data. And as part of that process, we plan to continue to obtain periodic SOC 2 Type II reports, as well as additional compliance certifications, such as the ISO 27001:2013.

If you'd like to learn more about Webflow's Enterprise security, please contact sales. 

Learn more about Security at Webflow here.