Vultr Host node uptime

Vultr Control Plane compliance

Current Compliance Attestations and Certifications:

  • ISO 20000
  • ISO 27001
  • SOC 2 Type 2
  • PCI (Merchant)
  • CSA Star Level 1

Vultr network uptime

In Progress Compliance Projects

  • PCI Service Provider
  • FedRAMP

Deploy Your Instance

2025 Planned Compliance Projects

  • ISO 27017
  • ISO 27018
  • MeiTy

Vultr Compliance

Vultr is dedicated to meeting the diverse global risk and compliance needs of our customers, covering areas such as server availability, security, data protection, and privacy. Our commitment to compliance is demonstrated through our CSA Star Level I assessment (CAIQ) and our SOC 2 Type 2 attestation, verified by independent third-party auditors, and our ongoing adherence to the SOC 2 framework.

As a Vultr customer, you can request our compliance artifacts by simply submitting a support ticket through the customer dashboard at my.vultr.com. Additionally, we ensure that our hosting services comply with the same high standards upheld by our data center partners, guaranteeing customer availability, security, and privacy.

Vultr's hosting services are designed with compliance in mind, allowing our customers to deploy solutions tailored to their specific compliance requirements, whether it's HIPAA, ISO, PCI, SOC, or others. By aligning with the compliance frameworks of our data centers, customers can leverage a comprehensive compliance playbook to implement the necessary controls for their environment.

Our ongoing compliance roadmap includes aligning to the following industry standards and regulations:

  • ISO/IEC 20000
  • ISO/IEC 27001:2022
  • ISO/IEC 27017:2022
  • ISO 27018:2022
  • FedRAMP
  • PCI Service Provider
  • MeiTy



At Vultr, we recognize that security and compliance are shared responsibilities among us, our customers, and any third-party providers involved in delivering products or services. While Vultr manages and secures the platform's control plane, networks, and cloud storage, our data centers handle physical security controls, and customers are responsible for their applications, data, middleware, operating systems, and storage.

Our rigorous risk management policy requires assessments of all third-party vendors, and our vendor management program maintains stringent policies, processes, and controls to vet all third parties involved in delivering Vultr products or marketplace services.

When customers utilize Vultr alongside products and services provided by our data centers, service providers, and vendors, they benefit from a compliance-focused solution that aligns with various frameworks and regulations, streamlining compliance efforts and alleviating the burden of implementing redundant controls.

For inquiries about our customer compliance playbook or any other compliance-related matters, please contact us at grc@vultr.com. Shared Responsibilities Image

Datacenter Compliance

Datacenter SOC 1 Type 2 SOC 2 Type 2 ISO 27001 PCI-DSS NIST 800-53 HITRUST
Amsterdam
Atlanta
Bangalore
Chicago
Dallas
Delhi NCR
Frankfurt
Honolulu
Johannesburg
London
Los Angeles
Madrid
Manchester
Melbourne
Mexico City
Miami
Mumbai
New Jersey
Osaka
Paris
San Jose
Santiago
Sao Paulo
Seattle
Seoul
Silicon Valley
Singapore
Stockholm
Sydney
Tel Aviv *
Tokyo
Toronto
Warsaw

* Other compliance artifact available

Additional resources

Compliance FAQs

FAQ

Are Vultr services GDPR compliant?

Vultr is committed to transparent and secure handling of all personal data on our network. Our processes have gone through an extensive procedural and legal review to ensure we fully meet the requirements set forth in the EU General Data Protection Regulation (GDPR) legislation.

What is Vultr's role with respect to GDPR?

Vultr acts as both a data controller and a data processor. Vultr acts as a data controller for customer information that we collect to process payments and provide customer support. When a customer uses our services to process personal data, Vultr acts as a data processor.

Does Vultr offer a Data Processing Addendum?

If GDPR applies to your organization and you need a DPA to satisfy GDPR requirements, Vultr will provide a DPA for eSignature. Please contact your account manager and/or make a request through the customer support system here.

How can I delete or retrieve the data I have with Vultr?

We've created a step by step document that shows you how to delete all your hosted data in our Vultr Docs section. Please review this guide: https://www.vultr.com/docs/vultr-data-portability-guide/.

Are Vultr services GDPR compliant?

Vultr is committed to transparent and secure handling of all personal data on our network. Our processes have gone through an extensive procedural and legal review to ensure we fully meet the requirements set forth in the EU General Data Protection Regulation (GDPR) legislation.