Security at CARTO

Securing your data is our greatest responsibility, and ensuring your peace of mind is at the core of everything we do. We combine expertise, vigilance, and consistency to keep you safe. If you have questions about how CARTO protects your data, please get in touch.

Your Account

We use Secure Sockets Layer (SSL) to serve CARTO and our APIs, over HTTPS. This is the same level of encryption used by leading banks and government agencies. We offer integration with third-party authentication services like Google, OAuth and LDAP (CARTO On-Premises only), and you can enforce complex passwords for your CARTO users.

If you have unique authentication needs, let us know!

Performance and Monitoring

We guarantee 99.9% uptime. Our 24/7/365 On-Call Team continuously monitors the performance and integrity of our online services, from individual API requests to configuration changes and responses to intrusion attempts. We monitor our systems via continuous, comprehensive, securely-stored logs. An automatic remediation framework, built around a central knowledge base, allows us to anticipate potential issues, make smart decisions, and automate actions to prevent them from happening. We are proactive, rather than reactive.

Data Security

Processing layers are stored redundantly. Backups occur via continuous streaming replication and regular snapshots. We maintain firewalls on our edge servers and origin load balancers.

Physical Security

We store your CARTO data on Google Cloud Engine. Google's data centers are state-of-the-art, and they have achieved ISO 27001 Certification. Physical access is strictly controlled by professional security staff, video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized personnel must pass repeated two-factor authentication to access data center floors. Environmental security controls to safeguard against fire, power fluctuations and outages, and challenging weather conditions.

Our offices are secure too. Each one uses a combination of electronic card access, security codes, and/or video surveillance.

Our Code Base

We’re constantly bringing new features and enhancements to CARTO. Our 3-tier testing process ensures that every change to the code base is checked from every angle prior to deployment. We're able to deploy code more than a dozen times each day while maintaining exceptional quality and security.

Sunlight is the best disinfectant. CARTO is built using many open source components, and one advantage of open source is that every line is reviewed by many eyeballs and tested in a wide variety of configurations by a huge community. Problems are surfaced quickly, and the community can help with the fix. We thoroughly review code and licensing for all open source components prior to use, to protect you from IP-related usage restrictions and claims.

Our technical staff are experts in the latest standards in secure software development, and make use of industry best practices, such as the Open Web Application Security Project (OWASP).

Our Team

We conduct comprehensive criminal and employment history background checks to the extent permitted by law. We use two-factor authentication, logical role controls, and private/publish keys in our operations. Everyone at CARTO has signed confidentiality agreements to protect your data. Our team receives tools and training for handling sensitive data and safeguarding technical and non-technical assets.

Credit Card Processing

We do not store your credit card information on our servers. We process payments with Recurly, which is certified to PCI Service Provider Level 1. This is the strictest level of PCI DSS certification. Payment information is transmitted directly to Recurly via HTTPS for secure storage.


We regularly review our hardware, software, and physical security configurations. Our Security Committee ensures that all areas of the company work together to keep you safe.

CARTO On-Premises

Need more? For total control of your data, we offer CARTO On-Premises, putting all the features and functionality of our cloud-based platform on your infrastructure and behind your firewall. Let us know what you need. We can help!

Contact us

Please fill out the below form and we'll be in touch real soon.