Security FAQ
GitBook is a tech startup, incorporated in the U.S as GitBook Inc , with a French subsidiary GitBook SAS
We are hosted on Google Cloud, which is backed by the same infrastructure and security Google uses for its own services.
Customer data is primarily stored in U.S data centers, some data (HTML pages & assets) may be cached in other geographies by our CDN.
Google follows or even leads most of the industry's best-practices, they are compliant with most major security standards and certifications.
Yes, all customer data is encrypted at rest and in-transit:
In transit, we use HTTPS to encrypt all traffic served to end-users
Even user-provided custom domains are covered, thanks to LetsEncrypt
At rest with multiple layers of AES256-AES128
By default, all customer data, unless explicitly public, can only be accessed by authenticated users with the correct permissions.
You can control & restrict access through our Teams feature, allowing you to invite external members to join your organization and collaborate, whilst restricting their access to a chosen subset of your projects.
GitBook leverages the following 3rd-party services & APIs:
Algolia for Search
Stripe for Payments
HelpScout for Support
Mixpanel and Google Analytics for Analytics
Google Cloud for hosting (data & compute)
