Fiverr values its customers’ security and safety. We are therefore committed to ensuring that our marketplace remains secure.
Dedicated security team
- Fiverr’s full-time, in-house team of security experts is focused on ensuring security across the company, in our platform, infrastructure, and operations.
Policies
- Fiverr has developed a comprehensive set of security policies covering a range of topics, which is reviewed and approved annually by management.
Compliance
- Fiverr’s Information Security Management System (ISMS) has been certified against ISO/IEC 27001, the international standard for information security.
- Fiverr is Payment Card Industry Data Security Standard (PCI-DSS) certified.
Please see the certificates for your reference:
Fiverr_PCI DSS Certification Feb 2024
Secure Development Lifecycle
- Fiverr continually works to identify and fix security vulnerabilities in our product and infrastructure.
- Application penetration tests are performed on an annual basis by an independent third party.
- All Fiverr engineers are trained in the latest secure coding best practices.
- Fiverr operates a Bug Bounty program in collaboration with Bugcrowd. If you discover a vulnerability, please reach out to security@fiverr.com to receive information about how to participate in our program.
Data Hosting
- Fiverr hosts service data primarily in Amazon Web Services (AWS) data centers that are certified against the following standards: ISO/IEC 27001, ISO/IEC 27017, SOC 1, SOC 2, SOC 3, PCI DSS, HIPAA, CSA Star, FedRAMP and many others. Additional details are available here & here.
Encryption
- We use industry-standard encryption protocols (TLS) to encrypt data transmitted between our users and our servers.
- We encrypt data using strong encryption algorithms, based on the sensitivity of the data. Cryptographic algorithms, key lengths, and strength are set in accordance with industry best practices.
Access control
- Access to the production environment is restricted to authorized personnel only and granted based on role and in accordance with the need-to-know and least-privilege principles.
- Authorized personnel are authenticated via a multi-factor authentication system before establishing a secure connection.
Account security
- Our platform supports various social logins and provides authentication options through these providers.
- Users can also enable 2-factor authentication (2FA) via SMS, email or app notification.