User Agreement

Dify highly values your data security. Dify gets the SOC 2 Type 1 certified and in the window period of SOC 2 Type 1. Besides that, we are still in the process of getting ISO 27001 and GDPR certified.

For comprehensive information on Dify's security measures and protocols, please consult our official Security Policy at Dify Trust Center. Dify Trust Center should be considered the primary and authoritative source for security-related information.

Dify.AI's cloud services are hosted on AWS in the U.S. region. Only a very limited number of authorized personnel, after approval, can access user data. Additionally, our code is open-source on GitHub, so if you have security concerns about the cloud service, you can use the self-deployed version.

In the self-deployed version of Dify, there is only one instance where the Dify server is called, which is for checking the current version update API. This action must be triggered by an administrator in the backend. There are no other technologies that use remote servers, so you can use it securely.

If you still have concerns, you can protect your data by setting up firewalls and other security measures.