Data encryption

Is data in Contentful encrypted at rest, as well as in delivery?


Hey hey @hannah! You’re absolutely right regarding encryption of the content during delivery However, I’m not sure about CMA content. I’m calling our Security engineer to the thread @andy for more details regarding this.

Yes content is encrypted per default in transport. The delivery API can optionally be used without https if needed. All of our SDKs default to HTTPS and this is also our recommendation.
The management API will not accept any non HTTPS requests and will redirect to the HTTPS endpoint.

Data at rest encrypted using AES 256 for all databases.