At FlippingBook, customer trust and security always come first. That’s why our products, services, and systems meet the latest compliance standards and requirements.

We’re here to protect

your data

with GDPR compliance

FlippingBook keeps the data of its users private and protected by taking the necessary steps to stay compliant with the General Data Protection Regulation (GDPR).

your content

with Amazon servers

The content you create and host with FlippingBook is stored securely on Amazon Web Services (AWS). Amazon has 15+ years of experience operating large-scale data centers in compliance with international security standards.

your payments

with PCI DSS

All financial transactions with FlippingBook and the associated confidential data are processed by Cleverbridge, an ecommerce solution compliant with the Payment Card Industry Data Security Standard (PCI DSS).

Our security posture is strong

We take cybersecurity seriously, introducing efficient protective measures against any and all possible threats. But don't take our word for it—discover FlippingBook's cybersecurity rating provided by SecurityScorecard.

We care

We don’t just follow dry international security guidelines—we care. That’s why our internal workflows are aimed at keeping your content and all interactions with FlippingBook safe, secure, and effective.

  • Efficient customer support. Our Customer Support team is here to assist you with any issues you may encounter while using FlippingBook products. In case of emergencies on our side, senior developers join the support team to investigate and resolve issues whenever they occur—day or night, on weekdays and weekends.
  • Regular status updates. Funny enough, security and transparency should go hand in hand. Keeping this in mind, we have a status page where we provide regular updates in case of any interruptions in our service.
  • System monitoring and alerts. Our automated internal monitoring systems continuously test the integrity of our infrastructure and send out alerts and warnings to senior developers whenever an issue occurs, so they can take immediate action.
  • Secure development. Our team of experienced in-house developers and QA engineers work tirelessly to deliver safe, user-friendly products in compliance with the Open Web Application Security Project (OWASP) guidelines.
  • Limited data access. FlippingBook’s employees have access to your account data and the data related to the flipbooks you create only when it’s absolutely necessary to do their job properly. These data can be accessed when employees investigate and resolve issues, or respond to customer support requests. Any changes to customer data are logged and monitored.
  • Penetration testing. Nobody thrives in the comfort zone. We do penetration tests on an annual basis to make sure our systems are well-protected from malicious attacks. A pen test is an authorized simulated cyber attack aimed at uncovering exploitable system vulnerabilities and fixing them.
  • Moral and ethical values. We believe that the content created and hosted with FlippingBook reflects who we are as a company, and we want to be a company you can trust. That’s why we’ve set up algorithms to detect and remove phishing content, explicit content, and content that supports or encourages terrorism. This way you can be sure that your flipbooks, as a format, will never be associated with the content types listed above.

Have any questions about content security left? Ask a live expert


  • What security policies and procedures do you have in place?

    We’ve partnered with the Cloud Security Alliance (CSA) to make our Consensus Assessment Initiative Questionnaire (CAIQ) publicly available. The CSA is one of the world’s leading cloud service security advisors. The information in the questionnaire covers a wide compliance spectrum.

  • Where is my data stored and how is the physical access managed?

    FlippingBook’s information technology infrastructure is hosted exclusively across state-of-the-art data centers operated by Amazon Web Services (AWS), and all data in transit and data at rest are encrypted using the most up-to-date protocols (specifically TLS V1.2 and AES-256). Physical access to the data centers is logged, monitored, and retained. AWS correlates information gained from logical and physical monitoring systems to enhance security on an as-needed basis.

  • How do you ensure no other client sees my data?

    Customer data is stored in multi-tenant datastores and assigned a unique tenant token, which prevents one customer from accessing another customer's data.

  • How do you ensure no unauthorized FlippingBook employees see my data?

    Production access is limited to a small group of employees at FlippingBook, and is granted through explicit permission from senior management. Also, any change that we make to any of our clients' data is logged, and these logs are monitored on a weekly basis.

  • Do third parties have access to my data?

    In addition to AWS, FlippingBook uses some other third-party services to perform certain operations, e.g. financial transactions. FlippingBook thoroughly researches all potential vendors and evaluates their security standards prior to entering into any commitments with them. Thus, only the vendors who have security capabilities and standards deemed fit by FlippingBook are authorized to perform operations involving our customers’ data.

  • How do you assess third parties before and during their service?

    Any vendor with the potential to access sensitive client data is required to provide an external audit or, at the very least, participate in an interview to demonstrate their best security practices. Such assessments are repeated annually to avoid any oversights. Moreover, each vendor is required to sign a Data Processing Agreement and contractually commit to FlippingBook’s data security practices.

  • Could you describe your data backup and recovery systems?

    We replicate data to our disaster recovery site hourly and maintain a redundant database in a separate geographic zone from the primary database. We run a daily integrity check on that backup to make sure it’s usable if required. The recovery point objective is one hour with a recovery time objective of 24 hours.

  • Is your platform security audited externally?

    Not yet. We know this is important to many of our users, so we’re currently pursuing ISO27001 certification.

  • What data deletion process do you have?

    When you delete a flipbook, your account, or cancel your subscription with us, we retain your data for a limited time in case you request to restore your flipbook, your account, or resume your subscription. All flipbooks (and their metadata) that you create with our products are deleted automatically within 30–180 days.

  • Is your service penetration-tested?

    All services that we provide are pen-tested regularly by an independent third party.

  • What service availability measures do you take?

    We publish service availability status updates for our customers in real-time on FlippingBook’s status page. If there are any issues with any of our products, our customers will know as soon as we do. You can visit the status page any time and even subscribe to receive emails with instant updates. Should our systems require maintenance or a short downtime, clients will be provided with ample notice.

Additional information

For more details on FlippingBook’s privacy standards, you can always check out our privacy policy. Also, feel free to request a copy of the latest penetration testing report at privacy@flippingbook.com.

Have any questions or concerns left?
Reach out

And if you’re satisfied with FlippingBook’s security standards,
try for free

drift chat