At Episerver, we are proud to be trusted with our customers’ data in over 30 countries worldwide.

Data privacy is important to all our customers, but even more so for certain industries such as banking & financial services, healthcare, pharmaceuticals, and public sector. Knowing we are trusted with our customers’ information, we understand the critical need for consistently operating in a highly secure manner.

At the core of Episerver’s solutions, customers are empowered with the control of their digital information. You can manage your data in a way that offers full control, including any of our customers’ potential personal data. Whether you are concerned about data transmission, data-at-rest, or accessibility, we provide customers with control of their data to support requirements for data privacy and compliance.

Episerver provides services and applications that enable customers to manage, store, and utilize their digital materials. As such, Episerver has limited access to data we process on behalf of our customers in connection with our services. Episerver does not access customer data for reasons not related to operating and maintaining services for our solutions.

The level of trust from our customers comes from our parallel commitment to maintaining and continuously improving our controls and abilities to support our customers. Episerver’s policies regarding data privacy and security are backed by some of our key commitments to our customers, including:


Episerver will take all reasonable and appropriate organizational and technical measures to protect personal data from loss, misuse, unauthorized and unlawful access, disclosure, alteration and destruction. We consider the risks involved in the processing and the nature of the personal data.


Global risk assessments for privacy and security of customer data are performed annually. Our assessments involve review and monitoring of information from management and leadership responsible for ensure that the relevant policies and procedures are being trained, followed, and tested.


Episerver conducts audits of relevant privacy practices to validate compliance to the Episerver Privacy Policy, and to be fully compliant to the EU General Data Protection Regulation (GDPR).

Frequently Asked Questions

What is Episerver’s Privacy Policy and what does it cover?

Episerver’s Privacy Policy applies to all personal data received by Episerver in the United States and in the European Union in any tangible and/or electronic medium.

See the Episerver Privacy Policy at a Glance.

Where is Episerver’s Privacy Policy located?

It can be accessed on our web site, at

Will the Episerver Privacy Policy change?

Episerver’s Privacy Policy may be amended from time to time. We will give appropriate public notice when we make such changes, and any policy changes will be posted on our website.

Who can I contact for questions?

Please contact us at, or write to:

Episerver AB
c/o Legal Department
Box 7007
103 86 Stockholm

Who owns the personal data on my site?

The customer owns the data that is transmitted, managed, stored, and accessed using Episerver services. Episerver’s customers determine the types of data they submit to the platform when using Episerver services. We have no direct relationship with the individuals whose information we receive from our customers or business partners.  We do not control such information, we do not select or determine the specific types of data that we process, and we do not determine the purpose for which it is processed. 

Where is my personal data stored?

When using the Episerver Digital Experience Cloud Service, the customer’s data storage is based on the customer’s geographic location. Episerver uses Microsoft Azure data centers and currently offers support for the following base geographic locations.

  • West US
  • East US
  • Europe
  • APAC (Australia)

For customers hosting Episerver themselves, the location of data is solely managed by the customer.

Who is responsible for securing personal data?

Episerver provides the service and applications for customers to manage their data including any data categorized as personal data. The customer is ultimately responsible for managing their personal data. Episerver is responsible for the security of the systems and infrastructure to ensure that the data is handled in a secure manner.

What is Privacy Shield?

Privacy Shield is a data privacy framework designed by US Department of Commerce and European Commission. The purpose is to meet data protection requirements regarding the transfer of personal data to the United States from the European Union. This new transatlantic framework is also intended to replace the old Safe Harbor agreement.

For more information please visit the Privacy Shield site.

Is Episerver Privacy Shield Certified?

Episerver’s Privacy Policy is based on and governed by the Privacy Shield framework which sets forth the principles that Episerver adheres to with respect to transfers of Personal Data from the European Union to the United States.

How Does Episerver Comply with GDPR?

Episerver has a Compliance, Security and Data Protection Board in place to drive on-going support for GDPR compliance. Internal security and compliance processes for data protection are established and governed using our technical and organizational measures


Episerver’s Privacy Policy applies to all personal data received by Episerver in the United States and in the European Union in any tangible and/or electronic medium.

See the Episerver Privacy Policy at a Glance.

  • Trust Center

    Episerver's security values ensure that our customers are always supported by safe, secure solutions.

  • Security

    At Episerver, security is an integral priority for all of our products and services.

  • Compliance

    Integrated security compliance using a trusted infrastructure.