Transparency, reliability, and security at every level

Your data is securely encrypted at rest within AWS S3 buckets using AES-256 encryption, enabled by default through AWS encryption services. Key management is expertly handled by AWS Key Management Service (KMS), providing robust protection against unauthorized access or tampering.

All communication between you, your services, and Prepr CMS, including your data, travels securely over the Internet via encrypted HTTPS traffic using TLS v1.2+. Additionally, data is encrypted during transit between Prepr CMS and our Content Delivery Networks (CDNs). This ensures your information remains protected from unauthorized access or manipulation throughout its journey.

Prepr offers Single Sign-On (SSO) as an add-on feature on all plans and supports two-factor authentication (2FA) and role-based access control (RBAC) to keep accounts secure. Teams can define custom roles and permissions for content, environments, and features, ensuring each user only accesses what they need.

Prepr actively monitors for any signs that could indicate potential incidents. To enhance this vigilance, our event-alerting tools escalate notifications to Opsgenie rotations for Prepr's incident response team. Additionally, we have a comprehensive incident response plan in place, outlining procedures for notification, escalation, management, and reporting to ensure swift and effective resolution of any incidents.

The Prepr Audit Log (available for Premium and Enterprise) records key activities on all user actions, ensuring transparency and accountability. It also integrates with organization-wide audit systems for centralized monitoring and compliance.

Our APIs and web applications are protected against DDoS attacks through multiple layers of protection. The Advanced Security Platform of our managed hosting partner, AWS and Cloudflare DDoS Protection, provides robust defense against volumetric DDoS attacks, ensuring high availability. Additionally, our security-focused CDN delivers application-layer DDoS protection, complemented by a web application firewall for enhanced security.

Prepr’s network and applications are protected through multiple layers of security. We protect our application endpoints with the Advanced Security Platform of our managed hosting partner TrueFullstaq with Intrusion Detection and a Web Application Firewall. In addition we have AWS, and Cloudflare guard against attacks. Regular security testing and maintenance help identify and resolve vulnerabilities early, keeping the platform stable and resilient.

Prepr performs hourly encrypted backups and replicates all data across multiple regions. These backups are hosted on a multi-data-center infrastructure in the Netherlands, providing additional physical redundancy. Backup data is stored with AES-256 encryption for maximum protection. In case of multiple disk failures or total data center loss, systems can be quickly restored to maintain business continuity and data integrity.

All Prepr employees use Multi-Factor Authentication (MFA) and secure VPN connections to access critical systems. MFA is enforced across all primary services, and employee access is governed by strict role-based access control (RBAC) and the principle of least privilege, ensuring each user only has the permissions required for their role. Access to internal systems is fully logged and regularly reviewed to maintain strong protection.

Prepr uses Stripe for all payment processing, ensuring no credit card data is stored on our servers. Stripe is certified to PCI DSS Level 1 (Payment Card Industry Data Security Standard), the highest security standard for handling payment information.

All Prepr data is stored and managed in the Netherlands, and all assets are in the AWS EU region. This ensures full compliance with EU data protection laws and guarantees that your content remains under European jurisdiction.

Prepr’s infrastructure and hosting partners comply with leading international standards, including ISO 27001, ISO 9001, and ISAE 3402 Type II. We work exclusively with vendors that follow strict security, privacy, and compliance frameworks, ensuring strong data protection and reliable service delivery at every level.

Prepr runs on a modern MACH-based SaaS architecture, managed by our trusted hosting & security partner TrueFullstaq. Their team operates large-scale cloud environments and ensures strong security and operational excellence. With Kubernetes orchestration and multi–data center redundancy in the Netherlands, our infrastructure delivers high availability, scalability, and enterprise-grade reliability.

Prepr operates across multiple EU-based data centers, including AWS EU region and TrueFullstaq facilities in the Netherlands. All locations are ISO 27001–certified and built for redundancy. In case of failure, systems can be quickly restored to ensure continuous availability and business continuity.

Our software runs in Docker containers orchestrated by Kubernetes, allowing clusters to scale automatically when system load exceeds predefined thresholds. Designed to handle high volumes of web traffic, our platform is built on a robust microservices architecture and a modern technology stack, ensuring reliability and high availability.

Prepr performs regular nightly updates to maintain security and performance. All planned maintenance is announced in advance, with progress and completion updates shared through the status page. After each update, teams receive an email notification, and the maintenance is verified through system monitoring to ensure everything is operating as expected.

Prepr continuously tracks system performance and uptime across the entire infrastructure and all operational systems. Automated alerts and response processes keep services stable, while detailed monitoring data provides insight into platform health and service continuity. Incident history and maintenance records are also available, providing full visibility into system reliability and uptime, supported by a dedicated team of engineers.

Prepr guarantees 99.9% uptime for enterprise customers, ensuring consistent availability across all services. Our Enterprise Service Level defines clear response times and performance commitments designed to maintain reliability at scale.⁡𝅶‍‍𝅺⁡‍𝅴⁡𝅴𝅹‍‍⁢𝅵‍‍⁡⁡‍⁠⁡⁡‍‍𝅹𝅴𝅺‍‍‍𝅷‍‍𝅳⁡‍⁠‍‍⁢𝅵‍‍𝅳⁡⁣⁡⁣⁡⁡⁢⁢𝅵‍𝅺‍𝅺𝅸‌⁡‍𝅶⁠⁡⁣𝅴𝅹⁡‍𝅸⁡⁡‍⁠⁡⁡‍‍𝅸‍⁡‍𝅹⁡⁡‍⁠⁡⁡‍‍𝅹𝅴𝅺‍𝅺⁡⁡⁠‍𝅷𝅴⁡⁢𝅳‍𝅺⁢𝅺𝅹⁡⁣⁠𝅹⁡⁣‍𝅸𝅴⁡⁣⁠𝅸⁡⁢‍𝅺⁠⁣𝅴⁡⁣‍𝅺‌⁢⁣⁢⁣⁢⁣⁢⁡⁢‌⁢⁡‍𝅸⁢⁢⁢‌⁢⁢‍𝅸⁢⁣⁢𝅴⁢𝅳⁢⁠‍𝅸⁢𝅳‍⁢‌⁢‍𝅸⁢⁠⁣⁢⁢⁢⁠⁢𝅳⁢𝅳⁢⁢⁢𝅳⁢⁢⁢‌⁢𝅺𝅷𝅺⁢‌𝅷⁠⁢𝅸⁠𝅹‍𝅸⁣‍ A paid option is a custom Service Level Agreement (SLA) tailored to specific needs for business-critical services.

The Prepr Status Page provides live updates on the performance of all core services, including APIs, CDN, and the editing interface. It shows current operational status, maintenance events, and incident history. With Updates enabled, you can receive all notifications via email, Slack, or Microsoft Teams.

Together with our hosting and security partner TrueFullstaq, Prepr guarantees full data sovereignty within the European Union. All data is stored and managed in Dutch data centers, under EU and Dutch law, and in compliance with ISO 27001, ISO 9001, and ISAE 3402 Type II standards.

Prepr follows a structured release process to deliver ongoing improvements across APIs, UI, and platform performance. Updates are tested, documented, and communicated clearly, ensuring security and stability with every deployment. Detailed changelogs and product updates keep customers informed every step of the way.

Prepr’s product roadmap is guided by UX research, customer feedback, and agency partner input. Each month, our team reviews and prioritizes new ideas to ensure meaningful improvements and transparency throughout development.

Prepr is committed to sustainable growth through energy-efficient infrastructure, eco-friendly operations, and responsible resource use. From renewable-powered servers to sustainable travel and recycling practices, we combine innovation with environmental care.

Prepr and its partners, including AWS and TrueFullstaq, undergo regular audits to maintain compliance with ISO standards and security best practices. Internal reviews and tested contingency plans ensure operational continuity, resilience, and trust across all Prepr environments.

Prepr’s agreements outline the legal and operational foundations of our services. They cover our General Terms and Conditions (GTC), which define service use, the Data Processing Agreement (DPA) governing personal data handling as a processor, and the DORA Agreement, which regulates compliance for financial companies in the EU.

Prepr processes personal data in accordance with the GDPR and related EU regulations. We ensure lawful, transparent, and secure data handling within the EU, respecting individual rights and privacy obligations.

As a data Processor, Prepr handles personal data solely on behalf of our customers and according to their documented instructions. We ensure GDPR-compliant processing through strict confidentiality, strong security measures, and transparent subprocessors. All processing takes place within the EU, supported by robust technical and organizational controls and full alignment with data subject rights as defined by the Controller.

To deliver and improve our SaaS services, Prepr acts as a data Controller for the personal data we collect directly, such as account, login, and billing details. We process this data lawfully, transparently, and only for purposes essential to operating and securing the Prepr platform. We apply strong EU-based data protection measures, and individuals retain their full GDPR rights, including access, correction, and deletion.

Prepr aligns with key European compliance frameworks, including GDPR, DORA, NIS2, DSA and upcoming frameworks like CRA. Our platform architecture and operational practices are built for security, resilience, and transparency, helping organizations meet evolving legal and industry requirements.

Prepr and its hosting partners meet internationally recognized standards, including ISO 27001, ISO 9001, and ISAE 3402 Type II. To further strengthen our security posture, Prepr is on track to achieve ISO 27001 certification in 2026. These certifications demonstrate our commitment to information security, quality management, and operational excellence across every layer of our platform.

Prepr uses cookies and similar technologies to enhance website functionality, remember user preferences, and analyze site usage. Only essential and first-party cookies are applied, ensuring compliance with GDPR and maintaining a secure, privacy-respecting user experience.

Prepr supports the objectives of the EU Digital Services Act by promoting transparency, accountability, and responsible use of digital technologies. Our platform provides clear information about AI-driven features and content management processes, aligning with EU standards for fairness and user protection.