Vultr Control Plane compliance

Current compliance attestations:

  • SOC 2 Type 2
  • PCI (Merchant)
  • CSA Star Level 1
  • ISO 20000
  • ISO 27001

In-progress compliance roadmap

  • PCI Service Provider

2025 planned compliance roadmap

  • ISO 27017:2022
  • ISO 27018:2022
  • MeiTy
  • FedRAMP
  • SOC 2 +

Vultr's commitment to you: secure, compliant cloud infrastructure

Security first

Security is at the heart of our mission. We employ best practices to ensure your cloud instances remain safe and secure.

Privacy first

Protecting your data is essential, and we take great care to safeguard it and prevent improper access.

Customer first

Being customer-first is our 'why' at Vultr. You need to safeguard your customers' data and build trust. We get that and are your partner in data privacy and security.

Vultr compliance

Vultr is dedicated to meeting the diverse global risk and compliance needs of our customers, covering areas such as server availability, security, data protection, and privacy. Our commitment to aligning to industry-wide privacy and security frameworks is demonstrated through our alignment with ISO and SOC 2 Type 2 frameworks and privacy regulations. Vultr also complies with the PCI-DSS standard as a PCI Merchant.

Vultr's cloud services are designed with compliance in mind, allowing our customers to deploy solutions tailored to their specific compliance requirements, whether it's HIPAA, ISO, PCI, SOC, or others. By aligning with the compliance frameworks of our data centers, customers can leverage a comprehensive compliance playbook to implement the necessary controls for their environment.

Here is a list of Vultr's current attestations and certifications:
  • SOC 2 Type 2
  • PCI (Merchant)
  • CSA Star Level 1
  • ISO 20000
  • ISO 27001


Our ongoing compliance roadmap includes aligning to the following industry standards and regulations:

  • ISO/IEC 27017:2022
  • ISO 27018:2022
  • FedRAMP
  • PCI Service Provider
  • MeiTy
  • SOC 2 +


As a Vultr customer, access Vultr's compliance artifacts through your my.vultr control panel. Simply select the Account menu and navigate to the Compliance tab.

Shared responsibility model


At Vultr, we recognize that security and compliance are shared responsibilities among us, our customers, and any third-party providers involved in delivering products or services. While Vultr manages and secures the platform's control plane, networks, and cloud storage, our data centers handle physical security controls, and customers are responsible for their applications, data, middleware, operating systems, and storage.

Our rigorous risk management policy requires assessments of all third-party vendors, and our vendor management program maintains stringent policies, processes, and controls to vet all third parties involved in delivering Vultr products or marketplace services.

When customers utilize Vultr alongside products and services provided by our data centers, service providers, and vendors, they benefit from a compliance-focused solution that aligns with various frameworks and regulations, streamlining compliance efforts and alleviating the burden of implementing redundant controls.

Shared Responsibilities Image

Datacenter compliance

Datacenter SOC 1 Type 2 SOC 2 Type 2 ISO 27001 PCI-DSS NIST 800-53 HITRUST HIPAA/HiTech
Amsterdam
Atlanta
Bangalore
Chicago
Dallas
Delhi NCR
East Wenatchee
Frankfurt
Honolulu
Johannesburg
Lisle
London
Los Angeles
Madrid
Manchester
Melbourne
Mexico City
Miami
Mumbai
New Jersey
Osaka
Paris
San Jose
Santiago
Sao Paulo
Seattle
Seoul
Silicon Valley
Singapore
Stockholm
Sydney
Tel Aviv *
Tokyo
Toronto
Warsaw

* Other compliance artifact available

Get started, or get some advice