Cloud Security Overview
Version 11 May 2020
At Sketch, we know how valuable your work is to you. After all, what’s more important than the designs you create and share with Sketch every day? That’s why we work hard to respect your privacy and ensure that your documents are always safe with us. Here are some of the ways in which we keep your data private and your work secure.
Sketch and the EU General Data Protection Regulation (GDPR)
At Sketch, we’re committed to privacy—that’s why our privacy policies already adhered to the high standard of the new European data protection law known as GDPR, and why we’re ensuring we maintain those rights and extend them to all our users, inside and outside the EU.
How is my data safe?
Complete control over who can access your Documents
All Shared Documents are private by default. Accessing a private share requires a user to have a Sketch Cloud account and be invited to view your Shared Document.
You can also decide to make your Document viewable by anyone with the link and to allow others to download the Document.
Direct file access is protected behind the following security measures:
- All files are available through a temporary URL (including images and, when enabled, the downloadable Sketch document).
- We use signed URLs, which expire automatically. After a signed URL has expired, a new URL will be generated for each file, which will be the only valid URL.
- The URL cannot be guessed and all filenames are obfuscated.
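The following added example shows how expiring signed URLs with obfuscated filenames can work in general. It is not Sketch's implementation: the HMAC-SHA256 scheme, the `expires` and `sig` parameter names, the demo key and the `files.example.test` host are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key (assumption); a real service loads it from a secrets store.
SIGNING_KEY = secrets.token_bytes(32)


def obfuscated_name() -> str:
    """Random object name with 128 bits of entropy, so it cannot be guessed."""
    return secrets.token_urlsafe(16)


def _mac(path: str, expires: int) -> str:
    # Bind the signature to both the file path and the expiry time.
    msg = f"{path}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def sign_url(base: str, path: str, ttl: int = 300, now=None) -> str:
    """Return a URL for `path` that stays valid for `ttl` seconds."""
    expires = int(time.time() if now is None else now) + ttl
    query = urlencode({"expires": expires, "sig": _mac(path, expires)})
    return f"{base}{path}?{query}"


def verify_url(url: str, now=None) -> bool:
    """Accept only an untampered URL whose expiry has not passed."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False  # missing or malformed parameters
    # Verify the signature first, in constant time, so `expires` can be trusted.
    if not hmac.compare_digest(sig.encode(), _mac(parts.path, expires).encode()):
        return False
    return int(time.time() if now is None else now) < expires
```

Because the expiry is covered by the signature, a client cannot extend a link's lifetime by editing the query string; it has to request a freshly signed URL.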
Where is my data stored?
All Sketch Cloud data is stored in the US (AWS datacenter). More on AWS security.
Is my data secure?
- All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
- We have data encryption in transit and at rest, meaning all our data in the database, underlying storage, backups, replicas and snapshots is encrypted.
- Only a handful of people can access data and they only do so in order to improve the services we provide.
- We monitor and audit our usage logs.
What Third Party services do you use?
We use a number of third parties to store user data in order to provide/improve our services:
- We send a monthly newsletter using Mailchimp. This newsletter is only sent to customers who signed up specifically to receive the newsletter.
- We send transactional and administrative emails through Mailchimp.
- We use Google Analytics to track page views to improve usability of our marketing website and sketch.cloud.
- We use Sentry to track errors that occur within sketch.cloud and the API. This also includes certain data that correlates with the error, but does not include sensitive customer information (passwords, tokens, etc.).
- We use CloudFlare (as CDN) to distribute our resources for our marketing website, including downloads of the app itself.
- All payments are processed by FastSpring and Stripe. We don’t currently store any payment information or customer data from these transactions.
- Our search functionality on sketch.com is powered by Algolia.
- Our Customer Support team use Front to provide email and social media support for users.
- We temporarily store user documents on Dropbox if we are testing them in order to investigate bugs or respond to support requests.
Compliance
The environment that hosts the Sketch services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.
You can find out more about our policies in our Terms of Service and Privacy Statement. If you have any questions about security at Sketch, please contact our Customer Support team.