Skip Navigation

Your security,
our priority

We built Sketch with the highest privacy and security standards so you can sit back and focus on what matters: creating your best work.

Security Features

Keeping your work secure from the start

Your work should be safe from the moment you sign in, and we’ve got you covered on multiple levels.

Two Factor Authentication

Add an extra layer of security with Two-Factor Authentication (2FA) — available to anyone with a Sketch account.

SAML/SSO

Sign in to both the Mac and web app using a secure Single Sign-On (SSO).

Permissions Directory

Get a detailed overview of all your Workspace Members and manage what documents they have access to.

*You’ll need a Business Plan to use SAML/SSO and the Permissions Directory.

Data Protection

Your documents,
your decision

All your documents are private by default — and we take steps to keep them that way. When the time comes to share your work, you can rest easy knowing we’re keeping them safe.

Manage access to your work

Want to keep some documents private, share them for all to see, or limit access? You’re in charge. You can even restrict access for your entire Workspace and invite people in one by one.

Secure URLs so no one breaks in

All your files come with complex, temporary URLs that automatically expire — including images, assets, and (if enabled) your downloadable documents. We also conceal file names so no one can guess or force their way in.

background illustration
Compliance

An air-tight security program

scribble-highlight-3

We take data security seriously — that’s why we’re proud to comply with the highest international standards.

GDPR

We comply with the European Union General Data Protection Regulation (GDPR) and extend it to all our customers — even those outside of the EU.

ISO 27001

Our Information Security Management System is ISO 27001 certified — the leading global standard for information security.

Spotted a security issue? Please report it — and help make Sketch even more secure!

background illustration

Common questions

  • Who can see my Sketch documents?

    Sketch documents are private by default. To access a private document, you need to have a Sketch account and be invited by someone who already has access to that document.

    You can also decide to make your document viewable by anyone with the link and allow others to download it. You can set different access levels for everyone you invite to your document.

  • Where is my payment data stored?

    We don’t process or store payment data ourselves, but with our payment providers who are are PCI compliant. Learn more about Stripe and FastSpring’s security and compliance measures.

  • Where does Sketch host its data?

    Sketch and our payment providers are hosted on Amazon Web Services, which holds multiple certifications for its data centers — including ISO 27001 compliance, PCI Certification, and SOC2 Certification. Learn more at AWS Security and AWS Compliance.

  • Is Sketch’s data encrypted?

    Both our in-transit and at-rest data are encrypted. That includes data in our database, underlying storage, backups, replicas, and snapshots. When we transfer data, we rely on HTTPS with TLS 1.2 or better.

  • Are Sketch’s servers protected?

    All our servers are protected within our own Virtual Private Cloud (VPC), which is only accessible through secure connections and strict network Access Control Lists.

  • What data regulations does Sketch comply with?

    Our privacy policies adhere to the European Union General Data Protection Regulation (GDPR) and to the UK GDPR standards. We uphold those standards and apply them to all of our customers — including those outside of the EU.

    For more information on how we collect and process data, please refer to our Data Processing Addendum and to our Privacy Statement. Learn more by reviewing our Terms and Policies.

  • What sub-processors does Sketch use?

    We use a number of sub-processors to improve our services to you.

    View a full, up-to-date list of sub-processors.

    The specifics of data processing — such as its scope and purpose — are governed in our standard Data Processing Addendum (DPA), which is an attachment to our Terms of Service.

  • How does Sketch practice security internally?

    We have an in-house security team that looks after security on all levels — from our product and infrastructure, to our team.

    We grant employees internal access to Sketch’s system and data on a case-by-case basis, through a strict access request procedure. We only give access to the specific information they need — and we continually review their access.

    Every member of our team also participates in mandatory yearly security awareness training. We also train new joiners to make sure they align with Sketch’s understanding and value of security.

  • How does Sketch validate its security methods?

    We conduct at least one external penetration test per year to detect and address any potential vulnerabilities. We also encourage public bug bounties to identify and report any potential security concerns via our Responsible Disclosure Policy.

    Finally, we also run an ongoing research program where we invite ethical hackers to detect risks or issues within defined contexts. This enables us to monitor and fix their findings year-round.

    You can review our full list of security measures to learn more.

Learn more

Take more control over sharing your work in Sketch

Discover how to use My Drafts and project share settings to choose who sees your work — and when.

Can data and ethics live together? How to design with privacy in mind

Spoiler alert — they can, and here’s what designers can do about it.

Restricting access to projects

By default, every Workspace member will be able to see any project along with its documents.

Start creating with peace of mind!

Whether you’re new to Sketch, or back to see what’s new, we’ll have you set up and ready to create your best work in minutes — and with confidence.

Symbol / Customer Logos