Elastic's hosted and self-managed products are built with security in mind and include features engineered to keep customer information safe. This page is a resource for our customers who would like to better understand how Elastic products both meet and help ensure compliance with data protection laws and regulations.
Learn how to get your Elasticsearch data compliant through our GDPR compliance page. Visit our General Privacy Statement page for information on how we collect, use, share and otherwise process personal data.
We’re entrusted with securing thousands of customers' valuable data. See how we earn that trust on our Elastic Cloud Security page and the Elastic App Search and Elastic Site Search security overview.

See the inherent data security functionalities of the Elastic Stack on the Elastic Stack Security page. Learn about Elastic Security, our security solution that combines endpoint security and SIEM for holistic and unified protection.

Elastic Cloud is authorized at the Moderate Impact level for the Federal Risk and Authorization Management Program.

Elastic Cloud, Elastic Support, and Elastic App + Site Search are all compliant with SOC 3 requirements.
We take security seriously. Our experienced team of security practitioners work across disciplines such as security engineering, security assurance, and risk and compliance. They work with our entire organization, particularly our engineering team, to ensure world-class security for our technology and company.
Elastic is committed to complying and supporting compliance with data protection laws and regulations, such as the EU General Data Protection Regulation, throughout our services.
Elastic is committed to rapidly addressing security vulnerabilities affecting our customers and providing clear guidance on impact, severity, and mitigation. Working with members of the security community and customers, our teams ensure that security vulnerabilities affecting our products are documented and that solutions are released in a responsible manner.
If you believe you have discovered a potential security vulnerability, report it using the instructions available on our security issues page.
We carefully vet each of our vendors and open source projects to ensure they meet the standards and compliance we’re committed to. Elastic partners with select Infrastructure as a Service (IaaS) providers rather than maintaining our own data centers. Each of our IaaS providers regularly undergo independent third-party audits to ensure the security of their services.
Securing your Elastic Stack is easy — and it makes good sense. (Plus, it's also available on Elastic Cloud.)