Vultr Control Plane compliance
Attestations and certifications
  • SOC 2+ (HIPAA)
  • PCI (Merchant)
  • CSA Star Level 1
  • ISO/IEC 20000-1:2018
  • ISO/IEC 27001:2022
  • ISO/IEC 27017:2015
  • ISO/IEC 27018:2019
In-progress compliance roadmap
Building a more secure platform for you
  • MeitY
  • NIST 800-53
Planned compliance roadmap
Documenting our adherence to industry standards
  • MeitY
  • NIST 800-53
  • FedRAMP

Download
Building trusted cloud infrastructure by putting security and compliance at the heart of our mission

Vultr delivers enterprise-grade composable cloud infrastructure with global reach and unmatched price-to-performance. When designing our services, your security and privacy are our foremost priorities.

No information is required for download

Vultr's commitment to you:
Secure, compliant cloud infrastructure

Security first
Security is at the heart of our mission. We employ best practices to ensure your cloud instances remain safe and secure.
Privacy first
Protecting your data is essential, and we take great care to safeguard it and prevent improper access.
Customer first
Being customer-first is our 'why' at Vultr. You need to safeguard your customers' data and build trust. We get that and are your partner in data privacy and security.

Current attestations and certifications
  • SOC 2+ (HIPAA)
  • PCI (Merchant)
  • CSA Star Level 1
  • ISO/IEC 20000-1:2018
  • ISO/IEC 27001:2022
  • ISO/IEC 27017:2015
  • ISO/IEC 27018:2019
Our ongoing compliance roadmap includes:
  • Meity
  • NIST 800-53
Vultr compliance
Vultr is dedicated to meeting the diverse global risk and compliance needs of our customers, covering areas such as server availability, security, data protection, and privacy. Our commitment to aligning to industry-wide privacy and security frameworks is demonstrated through our alignment with ISO and SOC 2+ frameworks and privacy regulations. Vultr also complies with the PCI-DSS standard as a PCI Merchant.

Vultr's cloud services are designed with compliance in mind, allowing our customers to deploy solutions tailored to their specific compliance requirements, whether it's HIPAA, ISO, PCI, SOC, or others. By aligning with the compliance frameworks of our data centers, customers can leverage a comprehensive compliance playbook to implement the necessary controls for their environment.

As a Vultr customer, access Vultr's compliance artifacts through your my.vultr control panel. Simply select the Account menu and navigate to the Compliance tab.

Vultr certifications
Announcing Vultr’s New ISO Certifications
Read the blog
Build intelligently.
Save significantly.
Wave pattern
Vultr compliance artifacts
Compliance Made Simple: Ensuring Data Security with Vultr
Read the white paper
How Vultr keeps your data safe.
Wave pattern

Vultr’s data residency options ensure that data remains located within selected regions, and it is not processed in other locations or jurisdictions.
Data privacy
Vultr is committed to transparent and secure handling of all personal data on our network. Since our inception, Vultr has been committed to upholding and adhering to the strictest data privacy and protection standards across the world, including HIPAA, GDPR, and DPDPA.

Vultr’s collection of personal data is limited by our privacy policy to only include the information required to provide our services and communicate with you. User content data, such as on websites or online services built on Vultr’s infrastructure, are not included in this agreement and Vultr serves solely as a data processor (service provider). Vultr does not claim any rights to, use, access, allow access to, or share your content, other than as may be required by law or for security purposes.

See Vultr's privacy policy
Vultr’s processes have gone through an extensive procedural and legal review to ensure we fully meet the requirements set forth in the EU General Data Protection Regulation (GDPR) legislation.
GDPR compliance
Under the GDPR, Vultr acts as both a data controller and a data processor. Vultr acts as a data controller for customer information that we collect to process payments and provide customer support. When a customer uses our services to process personal data, Vultr acts as a data processor. If GDPR applies to your organization and you need a DPA to satisfy GDPR requirements, Vultr will provide a DPA for signature. Please contact your account manager and/or create a support ticket.

If you choose to retrieve or delete the data you have with Vultr, we've created a step by step document that shows you how to delete all your hosted data in our Vultr Docs section.

Read the data portability guide
Where applicable when customers request, Vultr aligns customer deployments to data centers with approved certifications.
Compliance with other privacy regulations
Vultr’s services are also compliant with other data privacy and protection regulations, including:
  • California's Consumer Privacy Act (CCPA)
  • Brazil's Lei Geral de Proteção de Dados (LGPD)
  • India’s Digital Personal Data Protection Act (DPDPA)
  • U.S. State level regulations in CA, CO, CT, DE, FL, IN, IA, MT, NJ, OR, TN, TX, UT, and VA

Data residency with Vultr
Ensuring Privacy, Security, and Compliance
Read the blog
How Vultr protects your data in today's digital world
Wave pattern
Responsible AI practices
Global implications of the EU AI Act
Read the white paper
A proactive approach for distributed enterprises
Wave pattern

At Vultr, we recognize that security and compliance are shared responsibilities among us, our customers, and any third-party providers involved in delivering products or services.
Shared responsibility model
At Vultr, we recognize that security and compliance are shared responsibilities among us, our customers, and any third-party providers involved in delivering products or services. While Vultr manages and secures the platform's control plane, networks, and cloud storage, our data centers handle physical security controls, and customers are responsible for their applications, data, middleware, operating systems, and storage.

Our rigorous risk management policy requires assessments of all third-party vendors, and our vendor management program maintains stringent policies, processes, and controls to vet all third parties involved in delivering Vultr products or marketplace services.

When customers utilize Vultr alongside products and services provided by our data centers, service providers, and vendors, they benefit from a compliance-focused solution that aligns with various frameworks and regulations, streamlining compliance efforts and alleviating the burden of implementing redundant controls.

Separation of responsibilities

You manage
Provider managed
Infrastructure as a Service
Applications
Data
Runtime
Middleware
O / S
Virtualization
Servers
Storage
Networking
Platform as a Service
Applications
Data
Runtime
Middleware
O / S
Virtualization
Servers
Storage
Networking

Data center region compliance

Region SOC 1 Type 2 SOC 2 Type 2 ISO 27001 PCI-DSS NIST 800-53 HIPAA (HITRUST/HiTech)

* SOC 3 Report Available

Get started,
or get some advice

Create account