Over $14K paid out since 2015Report an issue
Our globally-distributed data center partners are ISO27001, SOC2 and PCI DSS compliant.
We regularly test our infrastructure for security issues and exploits.
Information security is a top priority at Algolia. We follow all SOC2 best practices to ensure excellence in each of the AICPA’s five trust service principles.
For Enterprise customers, Algolia Vault applies military-grade AES256 encryption to all data at rest, and provides a user-configurable firewall.Learn more
Single sign-on via the SAML 2.0 protocol is supported on our Business and Enterprise plans to streamline enterprise-wide identity management, and allow only authorized users to access Algolia.Enable SAML SSO
In addition to a full-access admin API key and infrastructure monitoring API key, you can generate read-only API keys suitable for use in public facing applications and granular enough to limit access to a specific index.Read the docs
Our API servers support HTTPS and all current versions of TLS (1.0, 1.1, and 1.2) with the most up to date cipher suites, leading Qualys SSL labs to give our servers an A rating.
For Enterprise plans, data is hosted on dedicated infrastructure physically separated from the data belonging to other customers with infrastructure monitoring APIs for real-time visibility of cluster health.
For all customers, data is isolated from each other in separate applications, preventing any leakage or exchange of information.
Algolia API operates Zero-Trust Network architecture without any trusted network segments, internal networks or DMZ. All the network communication is designed to work over unsecured channels and all the networks are treated as insecure. All network communication is encrypted in transit.
Talk directly to our security team!Contact us