Explore all our resources on Design Tokens and become a master
Learn more
Penpot Security & Compliance
Deploy Penpot in your cloud, our cloud, or on-premises with complete control.
Complete control and flexibility
Enterprise Security
- SAML SSO authentication
- Role-based access control (RBAC)
- API security & webhooks
Deployment Options
- Cloud or self-hosted flexibility
- Deploy in any region worldwide
- Air-gapped environment support
Compliance Flexibility
- Deploy in FedRAMP environments
- SOC2/HIPAA capable (self-hosted)
- Your infrastructure, your compliance
Data Protection
- AES-256 encryption at rest
- TLS 1.2+ for data in transit
- GDPR compliant with DPA
Security Operations
- 24/7 monitoring (cloud)
- Regular penetration testing
- Incident response procedures
Open Source Advantage
- 100% auditable codebase
- No vendor lock-in
- Community security validation
Trusted by security-conscious teams worldwide
HIPAA Comatible
FedRAMP Deployable
GDPR Compliant
Global Deployment
Soc2 Compatible
Enterprise SSO