Security Overview
Quick Links
Privacy Policy
The imgix Privacy Policy outlines how we collect, use, and protect your personal information and explains your rights and choices regarding it.
GDPR Compliance
We are GDPR compliant under the Data Privacy Framework.
How imgix Secures Your Information
For account passwords, we rely on industry-standard, high-iteration, adaptive hashing functions to prevent passwords from being readable or reversed.
Billing information such as credit card numbers never touches our servers. Instead, we rely on Stripe to handle billing, which captures and encrypts billing information using industry-standard best practices.
When configuring a Source with sensitive credentials, such as Amazon S3 keys, we immediately encrypt all private information using hardened, industry-standard encryption algorithms. The few internal services that require access to this information have the necessary access to decrypt the information when needed. These services exist within our internal network and are not publicly addressable. As an added layer of security, we recommend that all of our users provide us with read-only credentials when working with an image store like Amazon S3.
Additionally, while we do not store your end-user’s personal information in our logs, we do log requests for debugging and security purposes. These logs are stored securely and only accessible for up to 90 days, after which they are automatically deleted.
To delete all your information, including your account, please log into your dashboard’s account settings page and click the Delete Account button.
See here for more information on what happens when your account is deleted.
Security Questionaires
If you are a premium customer and need to complete a security questionnaire, please contact your account manager.
We do not fill out security questionaires for standard accounts.
SOC2 Compliance
We are SOC2 compliant. Premium customers can obtain a copy of our SOC2 report by contacting their account manager and signing an NDA.
Pen Testing
We undergo yearly pen testing of our systems. If you are a premium customer and require a copy of our pen test results, please contact your account manager.
If you need to perform a pen test on your systems that interact with imgix, please contact support to discuss the scope and timing of the test.
DMCA Takedown Requests
imgix is a CDN that serves and transforms assets online, but we do not host assets, and therefore, we cannot remove images from the Internet. We recommend contacting the website owner or the hosting provider where the image is hosted to request removal.
If you are unable to contact the website owner or hosting provider, you can submit a DMCA takedown request to imgix by emailing dmca@imgix.com and providing the following information:
- The URL of the infringing material.
- The URL of the original material.
- Your contact information, including your name, address, telephone number, and email address.
- A statement that you have a good faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
- A statement that the information in the notification is accurate, and under penalty of perjury, you are authorized to act on behalf of the copyright owner.