Sketch Security Overview

At Sketch, we know how valuable your work is to you — after all, what’s more important than the designs you create and share with Sketch everyday? That’s why we work hard to respect your privacy and ensure that your documents are always secure with us. Here are some of the ways in which we keep your data private and your work secure.

Sketch and the EU General Data Protection Regulation (GDPR)

At Sketch, we’re committed to privacy — that’s why our privacy policies adhere to the high standards of the EU General Data Protection Regulation (GDPR), and why we maintain those standards and extend them to all our users, inside and outside the EU. For more information on how we collect and process data please refer to our Data Processing Addendum and to our Privacy Statement. Our terms and policies are available here: Sketch Terms & Policies

How is my data secure?

Complete control over who can access your Documents

All Sketch documents are private by default. Accessing a private document requires a user to have a Sketch Cloud account and be invited to view your Shared Document.

You can also decide to make your Document viewable by anyone with the link and to allow others to download the Document. You can set the level of access per invitation to your document.

Direct file access is protected by the following security measures:

• All files are available through a temporary URL (including images, assets, and, when enabled, the downloadable Sketch document).
• We use signed URLs, which expire automatically.
• The URL can not be guessed and all filenames are obfuscated.

Where is my data stored?

All Sketch data is stored in the US (AWS datacenter). More on AWS security.

Is my data secure?

• All of our servers are within our own Virtual Private Cloud (VPC) with network Access Control Lists (ACL’s).
• We have data encryption in transit and at rest, meaning all our data in the database, underlying storage, backups, replicas, and snapshots are encrypted. All data is sent over HTTPS, using TLS 1.2 or better.
• Only a handful of people can access data and they only do so in order to improve the services we provide.
• We monitor and audit our usage logs.

What sub-processors do you use?

We use a number of third parties to store user data in order to provide/improve our services:

We use a number of sub-processors in order to provide/improve our services. In order to be fully transparent about our use of personal data an up-to-date list of these sub-processors is available on our website the following link: https://www.sketch.com/subprocessors/. The particularities of data processing – such as its scope and purpose – are governed in our standard Data Processing Addendum, which is an attachment to our Terms of Service and which our customers can find at the following link: https://www.sketch.com/dpa/.

Data Security Measures

We are continually assessing our controls to ensure we provide the best security for you. Sketch has multiple security measures in place and you can access the list at Annex 2 of our DPA. Security and privacy are a top priority for Sketch and involved in all parts of the development and service we offer.

Compliance

The Company is currently working towards achieving the ISO27001 certification.

The environment that hosts Sketch services maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.

We don’t process or store payment data ourself but our payment providers are PCI compliant and directly processing and storing the payment information.

• https://stripe.com/docs/security/stripe
• https://fastspring.com/risk-management-and-compliance/

You can find out more about our policies in our Terms of Service and Privacy Statement. If you have any questions about security at Sketch, please contact our Customer Support team.