Arrow right icon Arrow up icon Activity icon Analytics icon Phone icon Caret down icon Caret left icon Caret right icon Caret up icon Checkmark Servers cluster icon Cross icon Devices icon Discover symbol icon Find symbol icon Inspire symbol icon Iphone icon Lock icon Open lock icon Lock icon Magnifying glass icon Mac icon No network icon Multi cluster icon Menu icon Minus icon Partners icon Personalization icon Plus icon Question icon Search API icon Server icon Shield icon Triangle-right icon Triangle-left icon Triangle-right icon Vault icon Fr Flag Us Flag

Security & Compliance

You can trust us with your data

Hackerone logo

Public bug bounty program

Over $14K paid out since 2015

Report an issue
SOC 2 logo PCI logo

Secured data centers

Our globally-distributed data center partners are ISO27001, SOC 2 and PCI DSS compliant.

CSA logo

Hardened infrastructure

We regularly test our infrastructure for security issues and exploits.

Securing your search stack

SOC 2 illustration

SOC 2 & SOC 3 Compliant

Information security is a top priority at Algolia. We follow all SOC 2 best practices to ensure excellence in each of the AICPA’s five trust service principles.

Vault illustration

Algolia Vault (Enterprise only)

For Enterprise customers, Algolia Vault applies military-grade AES256 encryption to all data at rest, and provides a user-configurable firewall.

Learn more
People illustration

SAML SSO ready

Single sign-on via the SAML 2.0 protocol is supported on our Business and Enterprise plans to streamline enterprise-wide identity management, and allow only authorized users to access Algolia.

Enable SAML SSO
Keys illustration

API keys

In addition to a full-access admin API key and infrastructure monitoring API key, you can generate read-only API keys suitable for use in public facing applications and granular enough to limit access to a specific index.

Read the docs
Lock illustration

A-rated security

Our API servers support HTTPS and all current versions of TLS (1.0, 1.1, and 1.2) with the most up to date cipher suites, leading Qualys SSL labs to give our servers an A rating.

Servers cluster illustration

Cluster isolation

For Enterprise plans, data is hosted on dedicated infrastructure physically separated from the data belonging to other customers with infrastructure monitoring APIs for real-time visibility of cluster health.

Appid illustration

Secure, multi-tenant architecture

For all customers, data is isolated from each other in separate applications, preventing any leakage or exchange of information.

A Zero-Trust network philosophy

Algolia API operates Zero-Trust Network architecture without any trusted network segments, internal networks or DMZ. All the network communication is designed to work over unsecured channels and all the networks are treated as insecure. All network communication is encrypted in transit.

Still have questions?

Talk directly to our security team!

Contact us