Yes. We support SSO integrations. Options vary by plan and integration.
Storyblocks Trust Center
We follow a security by design approach, protecting your content, data, and payments through layered controls, continuous monitoring, and adherence to industry-recognized standards including PCI compliance.
At-a-Glance Highlights
-
Data Encryption
Encryption in transit and at rest.
-
Access Controls & SSO
SSO, MFA, least-privilege roles, periodic access reviews.
-
Network Security & WAF
Segmentation, private subnets, security groups, WAF at the edge.
-
Vulnerability & Patch
Routine scans, SLAs by severity.
-
Logging & Monitoring
Centralized logs, audit trails, alerting, anomaly detection.
-
Incident Response & DR
24/7 on-call, runbooks, backups.
-
Vendor Risk
Security reviews, monitoring, minimum controls.
-
PCI
PCI Level 3 Compliant; evidence upon request.
Security Controls
Identity & Access Management
- SSO, MFA for workforce and admin access.
- Least privilege and role-based access control.
- Periodic access reviews and revocation processes.
Encryption
- All data in transit is encrypted with TLS 1.2+.
- All data at rest is encrypted with AES-256.
Network Security
- Segmentation across environments and services.
- Private subnets and security groups.
- Web Application Firewall.
Secure SDLC
- Peer code review and branch protection.
- Dependency and secret scanning.
- Infrastructure-as-Code
Vulnerability Management
- Routine scanning and inventory visibility.
- Severity-based SLAs
- Threat intel and risk-based prioritization.
Logging & Monitoring
- Centralized logs and long-lived audit trails.
- Alerting on high-risk events and anomalies.
- Continuous improvement via metrics.
Incident Response
- 24/7 on-call with documented runbooks.
- Tabletop exercises and post-incident reviews.
- Customer communications via status page.
Business Continuity & DR
- Regular backups and validation.
- RTO/RPO targets appropriate to service tiers.
- Geographic redundancy considerations.
Vendor & Third-Party Risk
- Security reviews.
- Minimum control requirements and monitoring.
- Periodic reassessments based on risk.
PCI Compliance
Storyblocks is PCI Level 3 Compliant and leverage PCI compliant payment processors; evidence available upon request.
Status & Reliability
We communicate customer-impacting incidents via the status page and follow with post-incident summaries.
FAQ
Do you support SSO?
How do you handle data deletion?
We offer processes to delete or anonymize customer data within defined timelines, subject to legal and contractual obligations.
Where is data hosted?
Data is primarily hosted in multiple availability zones in AWS (us-east-1)
How can I report a vulnerability?
If you believe you've discovered a security vulnerability in our platform, please email us at security@storyblocks.com with the details. Our security team will review your report and respond as appropriate.
We currently do not operate a public bug bounty program. While we welcome responsible disclosures, we do not provide financial rewards for submissions.
Contact
Enterprise Evaluations
Evaluating Storyblocks for your organization? Our team can help.