Trust FAQ

DigitalOcean is proud to maintain SOC 2, SOC 3, and Global CBPR certifications, as well as eligibility to process HIPAA and DORA workloads.

Where can I find information about the certifications DigitalOcean or their colocated data center providers maintain?

Please visit our Security Reports & Certifications Center to request a copy of DigitalOcean's certifications as well as those of our colocated data center providers.

How do I responsibly share a vulnerability?

DigitalOcean maintains a paid bug bounty program through Intigriti. Please follow that link to learn more and to submit your bug. Note that we are unable to take bug bounty submissions via email.

How do I report abuse on the platform?

If you know about, or are a victim of, abuse on a site hosted by DigitalOcean, please contact our SOC Team through this form.

How does DigitalOcean help me secure my infrastructure network?

DigitalOcean's commitment to securing the infrastructure layer is evidenced through our certification suite accessible within our Security Reports & Certifications Center. For more information about securing your OS, middleware, data, and applications, please refer to our Security Best Practices Guides.

How does DigitalOcean secure the management network?

Tight role-based access, two-factor authentication, secure network zones, bastion hosts, and secrets management underpin our approach to securing our control plane. Vulnerability and patch management as well as security observability tools help us keep on top of risk in our infrastructure.

For more information about the controls DigitalOcean has in place to secure the control plane, please refer to our SOC 2 and SOC 3 within our Security Reports & Certifications Center.

How does DigitalOcean protect my payment card information?

DigitalOcean maintains a Zero-Footprint data policy by way of our PCI-DSS SAQ-A validation. Through our attestation, DigitalOcean commits to not storing, processing, or transmitting cardholder data within our administrative environment.

Can I run a penetration test on my resources hosted on DigitalOcean?

DigitalOcean permits customers to run penetration tests on services hosted on DigitalOcean so long as the test does not negatively impact others on the platform or on your hypervisor. Negative impacts include, but are not limited to, large bandwidth usage and CPU resource usage originating from or sent to your Droplets. In addition, extended network activity to or from the Droplet can cause networking to be disabled on your services. Other customers have successfully completed penetration tests by spreading the test across several Droplets in various regions to reduce the load on a hypervisor.

Please note that should negative impacts spread to other customers, our Security Operations team will contact you for additional context about the nature of the activity being conducted. Please read through our Terms of Service to develop a better understanding of the use cases which alert our Security Operations team.

What access does DigitalOcean have to the data I store?

Employees do not have access to customer content data unless a customer grants us permission for support.

What data do you collect about me?

DigitalOcean's Privacy Policy outlines the information we collect and receive about customers.

How do you use the data you collect?

DigitalOcean's Privacy Policy outlines how we use and share personal information.
