Public bug bounty program
Over $14K paid out since 2015Report an issue
Secured data centers
Our globally-distributed data center partners are ISO27001, SOC 2 and PCI DSS compliant.
We regularly test our infrastructure for security issues and exploits.
Securing your search stack
SOC 2 & SOC 3 Compliant
Information security is a top priority at Algolia. We follow all SOC 2 best practices to ensure excellence in each of the AICPA’s five trust service principles.
Algolia Vault (Enterprise only)
For Enterprise customers, Algolia Vault applies military-grade AES256 encryption to all data at rest, and provides a user-configurable firewall.
SAML SSO ready
Single sign-on via the SAML 2.0 protocol is supported on our Business and Enterprise plans to streamline enterprise-wide identity management, and allow only authorized users to access Algolia.
In addition to a full-access admin API key and infrastructure monitoring API key, you can generate read-only API keys suitable for use in public facing applications and granular enough to limit access to a specific index.
Our API servers support HTTPS and all current versions of TLS (1.0, 1.1, and 1.2) with the most up to date cipher suites, leading Qualys SSL labs to give our servers an A rating.
For Enterprise plans, data is hosted on dedicated infrastructure physically separated from the data belonging to other customers with infrastructure monitoring APIs for real-time visibility of cluster health.
Secure, multi-tenant architecture
For all customers, data is isolated from each other in separate applications, preventing any leakage or exchange of information.
A Zero-Trust Network philosophy
Algolia API operates Zero-Trust Network architecture without any trusted network segments, internal networks or DMZ. All the network communication is designed to work over unsecured channels and all the networks are treated as insecure. All network communication is encrypted in transit.
Still have questions?
Talk directly to our security team!Contact us