Security Overview

Last updated:

The security of our customers’ personal information is very important for us. We use robust security measures, which encompass both technical and organizational security controls, to prevent data loss, information leaks, or other unauthorized data processing operations. Baltsoft incorporates encryption, incident management, network and system integrity, and availability and resilience requirements into its security program. Learn more about our security policy, methodology and secure infrastructure by reviewing our security statement below.

Key facts about our security policy and server infrastructure

24/7 Proactive Monitoring

All our systems are continuously monitored for security, availability, and performance.

SSL/HTTPS Encryption

Communication with our servers is securely encrypted using SSL, HTTPS, and TLS.

Automatic Updates

Benefit from full maintenance with an automated system and application updates.

Professional Data Centers

We exclusively use leading data center providers with excellent physical security controls.

System & Data Backups

All our systems are regularly backed up for disaster recovery and system outages.

Data Protection

We are bound to the very strict European data protection laws.

High Availability

Full redundancy of all important systems and world-class data connectivity.

Database Isolation

Separation of customer data with database-level isolation and access permissions.

Access Permissions

Fine-grained access control via system permissions, roles, and network addresses.

Information Security Policy at ConvertAPI

We recognize that information is an important business asset and treat all aspects of information security with the utmost seriousness. We are committed to ensuring that all information is safeguarded from loss, unauthorized access, or misuse, whether our clients or we own that information. Using the ISO 27001:2013 standard as guidance, we have established procedures to protect against such instances. ConvertAPI Information Security Policy aims to protect the company’s information assets from all threats, whether internal or external, deliberate or accidental. The Management approved this Policy which applies to all our staff and subcontractors.

The objective of information security is to ensure the business continuity of Baltsoft and to minimize the risk of damage by preventing security incidents and reducing their potential impact:

Safeguard and protect ConvertAPI customer information and commercially sensitive information within its custody, ensuring the preservation of the confidentiality, integrity, and availability of the data

Establish safeguards to protect ConvertAPI information resources from theft, abuse, misuse, or any form of damage

Establish responsibility and accountability for information security across our company

Encourage management and staff to maintain an appropriate level of awareness, knowledge, and skill to allow them to minimize the occurrence and severity of security incidents

Ensure that we can continue ConvertAPI service availability in the event of significant information security incidents

Achieve and maintain accredited certification to ISO/IEC 27001:2013

ConvertAPI now 100% based on IBM Cloud with full compliance

All new ConvertAPI Cloud accounts are now 100% based on our new IBM Cloud backed infrastructure, following many industry best practices and using IBM's fully compliant and certified systems.

All our systems are designed with pro-active failover across multiple data centers in the US, EU, ASIA and South America while complying with the strict EU data protection rules guaranteed under IBM's Safe Harbor compliance.

IBM Cloud has certified its infrastructure and/or is compliant with many industry-standard policies under the IBM Assurance Program such as ISO, PCI DSS, SOC, FIPS, and MPPA.

IBM Cloud Assurance Program

Recent IBM Cloud compliances under their IBM Assurance Program. Please note that the above-listed certifications apply to the IBM infrastructure only and don't necessarily extend to applications such as ConvertAPI using it. To learn more about up-to-date details, visit the IBM Assurance Program website.

What we're doing to keep your data and our infrastructure safe and to ensure fast and effective responses to security issues.


The security and safety of customer data, our applications, and the supporting infrastructure is our top priority. We achieve a high level of security by following many industry best practices and regularly reviewing and improving our security policies and processes.

Our staff is trained and briefed to ensure that our security policy is executed thoroughly across all disciplines and teams, including customer service, our software development team as well as infrastructure operations.

Network security

Our network is protected by redundant firewalls and load balancers. Our data center providers employ additional constant performance and security monitoring of the used infrastructure. We monitor all systems 24/7 for availability and performance-related incidents to proactively troubleshoot and resolve issues. Many of our servers and network equipment are designed in a redundant way with automatic active failover.

Vulnerability Management

Our servers are hosted exclusively at professionally maintained and secured facilities from leading data center providers. All facilities feature various physical security mechanisms such as electronic access control systems, 24/7 monitoring of entrances, server rooms, and vehicle access roads, as well as modern fire detection and UPS systems.

Network security

The security and safety of customer data, our applications, and the supporting infrastructure is our top priority. We achieve a high level of security by following many industry best practices and regularly reviewing and improving our security policies and processes.

Physical Security

Our applications and the supporting infrastructure are frequently reviewed for potential security issues.

Our documented disclosure policy and our vulnerability management ensure efficient and fast responses to security issues and incidents.

Development Practices

All communications with ConvertAPI cloud instances or our customer portal are encrypted using industry-standard SSL and HTTPS. For email, our infrastructure supports TLS, a protocol that encrypts and delivers emails securely between servers. The ConvertAPI server edition also supports SSL for the application as well as email delivery. The use of SSL is also supported and encouraged for integrations with third-party systems.

Access Control

All access to data within ConvertAPI is governed by access rights and user authentication. Operations and customer service policies follow many industry best practices to limit access to customer data. Additionally, customers can restrict access to ConvertAPI users based on various permissions, roles, and network addresses.

Transmission security

Our teams follow many industry best practices to achieve a high level of security in our code and infrastructure. To ensure high code quality, we employ regular code reviews, track changes rigorously and train team members on common relevant attack vectors. We also maintain our own security framework as part of our stack to limit third-party dependencies and to manage critical code in a central place.

Data Isolation

We isolate customer data for ConvertAPI server and cloud instances by using separate databases and user access for each customer. This and additional mechanisms ensure the protection of sensitive customer information on the database level.


We are bound to the very strict Lithuanian and European data protection laws such as the Lithuanian Law on Legal Protection of Personal Data and the General Data Protection Regulation (“GDPR”).

To learn more about our commitment to GDPR, please visit our GDPR webpage. Personal information and customer data are stored and processed only to provide and optimize our applications, services, and offerings.

Get started with ConvertAPI now!