Trust Center

Drift Vulnerability Statement

We are aware of the recently disclosed Drift vulnerability. After careful review, we can confirm that DeepL is not affected by this issue, as we do not use Salesforce-Drift in our environment.

As an added precaution, we have also reviewed our Salesforce audit logs to ensure that there has been no suspicious or malicious activity in our instance.

We remain committed to the security and privacy of our users and will continue to monitor the situation.

We are proud to announce that DeepL has successfully achieved the C5 Type 2 attestation and renewed its SOC 2 Type 2 report. These achievements underscore our unwavering commitment to protecting customer data, maintaining transparency, and adhering to internationally recognized security and compliance standards.

About the C5 Type 2 Attestation

The C5 (Cloud Computing Compliance Criteria Catalog) attestation, issued by the German Federal Office for Information Security (BSI), is one of the most stringent standards for cloud security. The Type 2 attestation goes beyond a point-in-time evaluation, requiring a detailed review of our security measures over an extended period. This ensures that DeepL not only meets industry-leading security requirements but also consistently maintains them in practice.

Key areas covered by the C5 attestation include:

• Data Security: Robust measures to protect data against unauthorized access and breaches.
• Transparency: Clear documentation of data handling and operational processes.
• Compliance: Alignment with German and EU regulatory requirements, including GDPR.

About the SOC 2 Type 2 Report

The SOC 2 (Service Organization Control) framework is an internationally recognized standard for evaluating an organization’s controls related to security, availability, and confidentiality. The Type 2 report provides assurance that DeepL has implemented and maintained these controls effectively over time.

Key benefits of the SOC 2 Type 2 report include:

• Independent Validation: Confirmation from an external auditor that our systems and processes meet strict security and operational standards.
• Customer Confidence: Assurance that your data is handled securely and reliably.
• Ongoing Commitment: A demonstration of our continuous efforts to maintain and improve our security posture.

We are thrilled to announce that DeepL has achieved HIPAA compliance, marking another significant milestone in our commitment to safeguarding sensitive data and providing the highest standards of security and privacy for our users.
The Health Insurance Portability and Accountability Act (HIPAA) sets strict standards for the protection of sensitive health information (PHI), and this compliance demonstrates that DeepL meets the rigorous requirements for handling and securing such data.

What Does This Mean for You?

• Enhanced Data Security: DeepL now adheres to HIPAA's stringent requirements for protecting sensitive health information, ensuring that all your data is handled with the utmost care.
• Trust and Reliability: Whether you're in healthcare, research, or any industry that requires HIPAA compliance, you can trust DeepL to provide secure and reliable translation services.
• Commitment to Privacy: This achievement reflects our ongoing dedication to protecting your data and maintaining transparency about our security practices.

DeepL's SOC 2 Type 2 report covering the period from October 2023 to September 2024 is now available for download on request from our Trust Center. This report illustrates the significance of and continued commitment to information security at DeepL. Once again, there were no deviations from our security controls in this reporting year.

We have also successfully passed our recertification against the ISO 27001 standard, and were audited against the most recent version of the standard: ISO 27001:2022. You can download all our current ISO 27001 certifications from the front page of the Trust Center.