Policies and Procedures


Last updated: 24 June 2021

At Calibre, the privacy and security of our user’s data are critical. We’re committed to full transparency on our practices and precautions to keep your information secure. You can also find more information about data processing on the GDPR page and in our Privacy Policy.


  • Encryption: we encrypt all data at rest in both our database and file storage.
  • Cloud Infrastructure: we run 100% in the cloud, within a virtual private network that nobody can access through the public Internet, except via our public-facing content delivery network.
  • TLS/SSL: we use HTTPS/TLS everywhere. There are no exceptions to this rule.


  • Vulnerability management: we use automated vulnerability monitoring to ensure that we’re up-to-date with latest security vulnerabilities and practices.
  • Login security: we protect against brute force attacks with rate limiting technology. All passwords are cryptographically hashed and salted before being stored in our database.

Engineering practices

  • Best practices: we stay up-to-date with industry-leading security practices.
  • Development environments: we separate development and QA environments from production. We don’t use customer data in these scenarios.
  • Code review: senior staff reviews all production code.
  • Thorough testing: we run an extensive test suite across every single change.
  • Responsible incident management: we will notify you within 72 hours of learning about a data breach.

We’re here for you

If you have any questions regarding security at Calibre, we’re here to help. Contact us at security@calibreapp.com.