Information security

Fiverr values its customers’ security and safety. We are therefore committed to ensuring that our marketplace remains secure.

 

Dedicated security team

  • Fiverr’s full-time, in-house team of security experts is focused on ensuring security across the company, in our platform, infrastructure, and operations.

Policies

  • Fiverr has developed a comprehensive set of security policies covering a range of topics, which is reviewed and approved annually by management.

Compliance

  • Fiverr’s Information Security Management System (ISMS) has been certified against ISO/IEC 27001, the international standard for information security.
  • Fiverr is Payment Card Industry Data Security Standard (PCI-DSS) certified.

Please see the certificates for your reference:

ISO 27001 Certificate

Fiverr_PCI DSS Certification Feb 2024

 

Secure Development Lifecycle

  • Fiverr continually works to identify and fix security vulnerabilities in our product and infrastructure.
  • Application penetration tests are performed on an annual basis by an independent third party.
  • All Fiverr engineers are trained in the latest security coding best practices.
  • Fiverr operates a Bug Bounty program in collaboration with BugCrowd. If you discover a vulnerability, please reach out to security@fiverr.com to receive information about how to participate in our program.

Data Hosting

  • Fiverr hosts service data primarily in Amazon Web Services (AWS) data centers that are certified against the following standards: ISO/IEC 27001, ISO/IEC 27017, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, CSA Star, FedRAMP and many others. Additional details are available here & here.

Encryption

  • We use industry-standard encryption protocols (TLS) to encrypt data transmitted between our users and our servers.
  • We encrypt data using strong encryption algorithms, based on the sensitivity of the data. Cryptographic algorithms, key lengths, and strength are set in accordance with industry best practices.

Access control

  • Access to the production environment is restricted to authorized personnel only and granted based on role and in accordance with the need-to-know and least-privilege principles.
  • Authorized personnel are authenticated via a multi-factor authentication system before establishing a secure connection.

Account security

  • Our platform supports various social logins and provides authentication options through these providers.
  • Users can also enable 2-factor authentication (2FA) via SMS, email or app notification.
