Timber's compliance information

Protecting our customer's data and privacy is top priority at Timber. Customers entrust us with their data, and we take that responsibility very seriously. From implementing best-in-class security practices to adhering to relevant compliance standards. If you send data to Timber you can feel confident it's safe and maintained within a compliant environment.

If you haven't done so already, please read our security guide for related security information.

Data Center Compliance

Timber operates solely in AWS data centers which are ISO 9001, ISO 27001, ISO 27017, ISO 27018, PCI DSS Level 1, SEC Rule 17-a-4(f), SOC 1, SOC 2, and SOC 3 certified, among many others. If you have questions or need specific information around these certifications please contact us.

EU - US Privacy Shield

Timber is Privacy Shield compliant. More information about Timber's Privacy Shield compliance cam be found here.

General Data Protection Regulation (GDPR)

Timber is GDPR compliant. More information about Timber's GDPR compliance can be found here.

Data Protection Addendum (DPA) and Execution

Timber is able to sign and execute DPAs. If you're interested in this please contact us.

Submitting a Data Subject Request

Please submit any data subject requests to . In addition, you can delete all log data by deleting the related source. You can also delete all associated account information by deleting your organization.


Timber itself is level 2 PCI compliant. We use Stripe's payment infrastructure so we assume all of the security and compliance benefits that come with that. In addition, we do no store any payment information anywhere in our system.


Timber is not HIPPA compliant.

Contacting Us

If you need to contact us for any of the above, please do so at