
Since launch, Dify has consistently received inquiries from developers and enterprise users around the world regarding information security and data privacy compliance. Security and compliance are not a one-time effort; they require sustained, long-term commitment. From day one of product design, our team has adhered to industry standards and continuously strengthened our information security and data privacy management framework.
We are pleased to announce that Dify has successfully completed SOC 2 Type II and ISO 27001:2022 audits, as well as GDPR compliance for two consecutive years. This round of audits covered multiple core dimensions, including personnel management, vendor onboarding, data security, system operations, and development security. The auditing bodies expressed strong recognition of Dify's performance across all of these areas. For a company in a stage of rapid growth, maintaining such a mature level of compliance is no small achievement, and this further affirms our steadfast commitment to the security of user data.
Certification Details
SOC 2 Type II Certification: Assessed by independent auditing firm Sensiba. This certification ensures continuous compliant operations across data security, availability, integrity, confidentiality, and privacy, providing enterprise clients with a reliable foundation of trust.
ISO 27001:2022 Certification: Assessed by independent auditing firm Johanson. As the world's leading Information Security Management System (ISMS) standard, this certification ensures that Dify employs a systematic approach to data protection and effectively mitigates security risks.
GDPR Compliance: Dify strictly adheres to the requirements of the EU General Data Protection Regulation. Through comprehensive Data Processing Agreements (DPA), Privacy Policy maintenance, and annual Records of Processing Activities (ROPA) updates, Dify ensures that the collection, storage, and processing of user data meet the highest global standards for privacy protection.
Why These Certifications Matter
These certifications represent critical benchmarks that the world's leading enterprises must meet. Cloud platforms such as AWS, Google Cloud, and Microsoft Azure, well-known SaaS products including Slack and Zoom, and AI companies such as OpenAI and Anthropic all maintain SOC 2, ISO 27001, and GDPR compliance to ensure their data security and privacy protection meet the highest global standards. Dify's consecutive completion of these assessments means our security framework has reached the same level of compliance as the world's top-tier enterprises.
Dify CEO Luyu Zhang stated: "Achieving these certifications consecutively demonstrates that security and compliance are not a one-time exam for us, but a fundamental capability embedded in our product and the daily operations of our team. As more enterprises choose open-source solutions to take control of their own AI infrastructure, the bar for security only gets higher, not lower. Dify's completion of SOC 2 and ISO 27001 audits along with GDPR compliance maintenance for the second consecutive year means that enterprise users can enjoy the flexibility of open source while receiving the same level of security assurance as top-tier commercial software."
If you would like to learn more or obtain a copy of the reports, please contact us at security@dify.ai and our team will provide you with the information you need.




