Announcing Webflow’s SOC 2 Type II compliance

Following our SOC 2 Type I report, Webflow’s additional Type II report is the next step in our organization’s investments in security.

No items found.

Data security is a fundamental element of our commitment to protecting sensitive user information and privacy.

We take security seriously at Webflow. As a trusted Software as a Service (SaaS) provider for website building and hosting, we continuously aim to not just meet but also exceed industry standards and customer expectations for security controls. That’s why organizations of all sizes rely on Webflow’s enterprise-grade security features. And today, we’re excited to announce that Webflow is now compliant with the SOC 2 Type II standard for security, availability, and confidentiality. 

Webflow’s SOC 2 Type II report

SOC 2 is an auditing measure developed by the American Institute of CPAs (AICPA) that ensures service providers securely manage user data. A little over a year ago, we shared our SOC 2 Type I report, which describes the systems we use to process data and the suitability of those internal controls. 

Now, we’re continuing our longstanding commitment to security with the addition of our SOC 2 Type II report, an internal controls report capturing how our company safeguards customer data worldwide and how well those controls are operating.

An independent auditor, KirkpatrickPrice, conducted an audit of our servers and systems, including Webflow Design and Content Management Service, verifying that our information security practices, policies, procedures, and operations meet the rigorous SOC 2 standards. Additionally, this audit confirmed that our platform is protected against unauthorized physical and logical access.

The components of SOC 2 compliance

Companies that use cloud service providers turn to SOC 2 to assess and provide information regarding the risks associated with third-party technology services. While the Type 1 report describes a service provider’s systems and whether the system is suitably designed to meet relevant trust principles, the Type 2 report details the operational effectiveness of those systems. This includes a historical element that shows how controls were managed by a business over a period of time. It also looks at how effectively our internal controls and processes operate over a longer period of time.

A sample of some controls covered in our SOC 2 Type II include:

  • Logical Access Controls
  • Application Development Controls
  • System Monitoring Controls
  • Data Security Controls

What’s next for compliance at Webflow

Part of our ongoing dedication to data security, availability, and confidentiality is our commitment to consistently and critically reviewing how we collect, manage, and secure customer data. And as part of that process, we plan to continue to obtain periodic SOC 2 Type II reports, as well as additional compliance certifications, such as the ISO 27001:2013.

If you'd like to learn more about Webflow's Enterprise security, please contact sales

Learn more about Security at Webflow here.

Webflow Enterprise

Loved by designers. Trusted by enterprises. Bring Webflow in-house at your company with advanced security, custom traffic scaling, guaranteed uptime, and much more.

Subscribe to be a Webflow Insider
Thank you! You are now subscribed!
Oops! Something went wrong while subscribing.
Learn more today


February 25, 2022

Join the conversation

What's Webflow?

Try it for free
More about the Designer


The power of CSS, HTML, and JavaScript in a visual canvas.


Build website interactions and animations visually.

More about Interactions


Define your own content structure, and design with real data.

More about the CMS


Goodbye templates and code — design your store visually.

More about Ecommerce


Edit and update site content right on the page.

More about the Editor


Set up lightning-fast managed hosting in just a few clicks.

More about Hosting