Compliance & Privacy at JFrog

At JFrog, we take the privacy, security and integrity of your data seriously.
We adhere to industry standards and comply with relevant security and safety regulations to ensure the security of your data. We are also dedicated to enabling you to comply with your own internal security policies.


Ernst & Young has audited a Service Organization Control (SOC2 Type II) report for JFrog, which will help you understand the controls that have been established to support operations and compliance at JFrog. The report is validated and updated annually and is a key document that demonstrates and evidences how JFrog achieves and maintains its compliance and control objectives on an ongoing basis.

JFrog is SOC2 Type II compliant and the corresponding report is available for review upon request. To review the report, please contact


Credit card transactions are handled with the security measures specified in the Payment Card Industry Data Security Standard (PCI DSS) to keep your credit card information safe. A Qualified Security Assessor (QSA) evaluates JFrog's compliance with PCI DSS annually, and we are currently certified for compliance with PCI DSS v3.2, SAQ A.

ISO 27001

JFrog is certified under the Information Security Management Systems standard ISO 27001, the global standard for IT security management policies. ISO 27001 is designed to cover much more than just IT – it is a framework of policies and procedures that includes people, processes and IT systems by applying a risk management process. For more information regarding the certification of ISO 27001 at JFrog, please contact


JFrog has taken best-practice measures to ensure compliance with the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Our compliance team has guided the way for JFrog employees worldwide to safely care for Personally Identifiable Information (PII), in accordance with the guidelines of the GDPR and the CCPA.

We only collect the minimal Personally Identifiable Information required for us to provide our services and to engage with the community. JFrog has established the following safeguards:

  • PII is only collected if the subject has given prior consent
  • PII is only transmitted over a public network in an encrypted format
  • PII is only accessible by authorized personnel
  • We prohibit the storage of PII on JFrog workstations, mobile devices, and portable storage

You can learn more about the way we handle PII in our Privacy Policy.
For any questions regarding GDPR, CCPA and Privacy @ JFrog, please contact

Data centers and main subcontractors

To provide the best user experience, we only engage top-tier vendors dedicated to privacy and security values and standards, including the largest cloud hosts and service providers in the market. Our vendors apply various controls to secure data, including the use of secured data centers and compliance with the strictest certifications and accreditations.

For further information see:

> Amazon Web Services (AWS)
> Microsoft Azure
> Google Cloud Platform (GCP)
> IBM Cloud (SoftLayer)
> Salesforce
> Marketo
> NetSuite

Trust @JFrog

Our SaaS products are based on a high availability architecture with no single point of failure. You can see the status of our servers at any time at:


For more information about compliance @JFrog, please visit our blog.