security

When it comes to security and trust, having a secure platform to store, manage, and deliver images, videos, and other media is key. With over 2,000 companies and 250K developers depending on ConvertAVIF, we take our responsibility seriously. Our reliable platform meets your business requirements, and we continuously improve our security standards to ensure your media stays safe.

We are committed to providing a secure platform for media management and delivery, backed by our compliance, useful features, and clear policies. Trust is at the core of what we do, making sure you feel confident with your media, whether you’re a small business or a large enterprise.

Compliance and Testing

At ConvertAVIF, we take compliance and security very seriously. We follow the ISO 27001:2013 standard, which is an international rule for information security management. This means our processes, systems, and people policies are checked by an independent third-party. This audit happens periodically to make sure we stay compliant with the rules. We also work with security firms for evaluation and do penetration testing on our web application and network. This helps us find and fix any vulnerabilities fast. We also use automated tests and scanners to catch common security issues like those listed in the OWASP Top Ten.

We are proud to be an AWS Advanced Technology partner. We completed the Foundational Technical Review by AWS, which confirms that we follow the best practices for cloud deployments and security. This partnership helps us keep our system safe and reliable, giving users peace of mind when they use our service.

Features for secure delivery

ConvertAVIF helps you secure your media delivery on websites and apps by giving you control over your original assets. You can connect your storage or servers to ConvertAVIF with read-only access, so your content stays yours. When you ask for a resource, ConvertAVIF only gets what you need, keeping everything safe. You can also mark your images as private, using either your own storage or ConvertAVIF’s Digital Asset Management system. This way, no one can see your files without the right API keys. To keep things even safer, you can sign URLs and set them to expire after a specific time, stopping anyone else from using your content.

To protect your work, you can watermark your videos and control the changes made to your files with the named transformations feature. If you use the enterprise plan, you get even more advanced security. This includes blocking or allowing incoming requests from certain IPs, IP Ranges, referrers, or even countries. These features help you guard against unauthorized access and make sure your assets are only used by people you trust.

Access Control

ConvertAVIF makes it easy to keep your account safe with multi-factor authentication. This means users must enter an additional code sent to their email every time they log in. This extra step adds a strong layer of security to your account, protecting it from unauthorized access. It’s a simple but powerful way to make sure only the right people get in.

With ConvertAVIF, you can also control what others can do on your account. For example, if you work with a team, you can limit their actions by creating restricted API keys. This helps you keep control over who can upload or manage content. Additionally, Single Sign-On (SSO) lets you manage access controls easily using your main Identity Provider platform. This is especially useful for businesses using ImageKit for media management. Enterprise users also get access to audit logs that help monitor what different users are doing. You can see what changed in your setup and when, giving you more control and peace of mind.

Network

ConvertAVIF works with AWS and Cloudfront CDN to make sure your data moves fast and stays safe. Every day, it handles billions of requests over HTTPS, which keeps everything protected. The team carefully manages SSL Certificates to keep things secure. By using a CDN, the system answers requests faster and adds another layer of safety. If you need more protection, you can connect ImageKit with any other popular CDN for better media delivery and security. This way, you get a fast and safe network without any worries.

Smart Monitoring and High Availability

ConvertAVIF keeps an eye on all incoming traffic and sets up alerts if it notices unusual traffic patterns. If something seems off, the team steps in quickly. They can even block countries, URL patterns, or IPs to keep things safe. The network is built using top cloud providers and spread across six global locations, making it super reliable. If one region has an issue, another region steps in to keep the service running. This smart setup guarantees high availability so your data stays safe and accessible no matter what.

Words not used: procuring, deploying, maintaining, isolated, comply, laws, fallback, unresponsive, temporarily, corrective, measures, customer(s), team, natively, firewalls, requests, perspective, processing.

Custom SLAs

We offer custom SLAs for response and uptime on special enterprise plans. This means that enterprise users can get support that fits their needs better than standard plans. One of the best things about this is having an on-call incident response team ready to help. If there are any security issues that might affect their media delivery, our team steps in quickly to mitigate the problem. This fast action keeps everything running smoothly, giving users peace of mind.

With our custom SLAs, enterprise users also get special access to experts who know how to work through tough situations. This support goes beyond regular help because the team is always ready and knows how to handle complex problems. Our goal is to make sure that every part of the media delivery is safe and reliable. By choosing our enterprise plans, users get both the power to customize their support and the confidence that any issue will be fixed fast.

Internal Systems and Processes

At ConvertAVIF, we keep our systems secure by staying updated on vulnerabilities that affect the OS, languages, and libraries we use. We apply regular patches to fix known issues, including those identified by independent security researchers who test our product.

Access to production systems, staging environments, and customer data is limited according to our ISO 27001:2013 compliance. All new employees undergo a mandatory criminal and employment background check to prevent any security threat from personnel, helping us maintain a secure environment.

Uptime and Transparency

When it comes to uptime and keeping things transparent, having the right tools is key. For example, ConvertAVIF offers a detailed dashboard that provides granular insights into important data like Referrers, IPs, User Agents, and Browsers. With the ability to track traffic patterns, errors, and output formats, ConvertAVIF helps you understand how your content is performing. These stats are updated over the last 90 days, allowing you to quickly spot any anomalies or issues in the traffic being served.

On top of this, billing alerts help keep your costs under control by notifying you when you exceed a certain billing threshold. For full transparency, ConvertAVIF also shares a Server-Timing response header that shows the time it takes to download and transform a media file. This level of detail ensures you know exactly how your resources are being used and helps maintain transparency in all your interactions with the platform.