We highly value your data security and are in the process of obtaining SOC2 and ISO27001 certifications.

Dify.AI's cloud services are hosted on AWS in the U.S. region. Only a very limited number of authorized personnel, after approval, can access user data. Additionally, our code is open-source on GitHub, so if you have security concerns about the cloud service, you can use the self-deployed version.

In the self-deployed version of Dify, there is only one instance where the Dify server is called, which is for checking the current version update API. This action must be triggered by an administrator in the backend. There are no other technologies that use remote servers, so you can use it securely.

If you still have concerns, you can protect your data by setting up firewalls and other security measures.