At Magento, the security of your commerce data is our highest priority
See why hundreds of thousands of merchants trust us with digital commerce
Trust is the foundation of our relationship with hundreds of thousands of merchants around the world. We value the confidence you’ve put in us and take the responsibility of protecting your information seriously. To be worthy of your trust, we built and will continue to grow Magento with an emphasis on security, compliance, and privacy.
Shared responsibility security model
Magento Commerce Cloud relies on a shared responsibility security model where merchants and Magento have different areas of responsibility for maintaining the security of your commerce experience. This approach is intended to provide the greatest flexibility for customization and innovation while reducing the operational responsibilities of the merchant. Customers have the ability to customize the Magento application to their heart's extent. At the same time, Magento provides secure managed services on top of Amazon’s industry leading cloud services.
Secure commerce experiences with control and visibility
Magento Commerce Cloud is designed to provide multiple layers of protection all the way from an end-user's browser to the content delivery network, the payment integration, the cloud environment, and the core application. We work behind the scenes to protect your stores and empower IT administrators with tools that provide control and visibility. Our robust information security management framework is designed to assess risks and build a culture of security at Magento.
Compliant processes and technology architecture
Compliance is an effective way to validate a service’s trustworthiness. We encourage and expect you to verify that our security practices comply with the most widely accepted standards and regulations in the commerce technology industry like PCI, GDPR, SOC 1 and 2. Our independent third-party auditors test our controls and provide their reports and opinions — which we share with you whenever possible.
Data privacy and protection