Your security,
our priority
We built Sketch with the highest privacy and security standards so you can sit back and focus on what matters: creating your best work.
Keeping your work secure from the start
Your work should be safe from the moment you sign in, and we’ve got you covered on multiple levels.
Two-Factor Authentication
Add an extra layer of security with Two-Factor Authentication (2FA) — available to anyone with a Sketch account.
SAML/SSO
Sign in to both the Mac and web app using a secure Single Sign-On (SSO).
Permissions Directory
Get a detailed overview of all your Workspace Members and manage what documents they have access to.
*You’ll need a Business Plan to use SAML/SSO and the Permissions Directory.
Your documents,
your decision
All your documents are private by default — and we take steps to keep them that way. When the time comes to share your work, you can rest easy knowing we’re keeping them safe.
Manage access to your work
Want to keep some documents private, share them with everyone, or limit access? You’re in charge. You can restrict access for your entire Workspace and invite people one by one or only give Members access to specific projects or documents.
Secure URLs so no one breaks in
All your files come with complex, temporary URLs that automatically expire — including images, assets, and (if enabled) your downloadable documents. We also conceal file names so no one can guess or force their way in.
An air-tight security program
We take data security seriously — that’s why we’re proud to comply with the highest international standards.
GDPR
We comply with the European Union General Data Protection Regulation (GDPR) and extend it to all our customers — even those outside of the EU.
ISO 27001
Our Information Security Management System is ISO 27001 certified — the leading global standard for information security.
Spotted a security issue? Please report it — and help make Sketch even more secure!
Common questions
-
Who can see my Sketch documents?
In short, you always control who can see your documents and which documents they can see. Now let’s go into a bit more detail:
No one can access your documents outside your Workspace
Your Workspace documents are on the web, but they are not public unless you choose to make them public. This means that if someone has one of your document’s URL, they won’t be able to access it unless they are Members of your Workspace or you invite them as Guests to that specific document.
Inside your Workspace, you can control who sees what
Inside your Workspace all files are shared by default and all Workspace Members can see them. Workspace Members are Editors (people who can create files) or Viewers (people who can see documents on the Web app).
You can control access to documents by creating Project folders and setting these folders to be private. Only Members that are added to a private folder can see its contents. And if you’re in a Business plan, you can create permissions groups to add multiple Members to a document or project.
You can also invite people as Guests. Guests have limited access because they are not Workspace Members. You need to invite Guests at a document level. This means that if you want a Guest to see two documents you’ll need to add that person to each document and in turn, that Guest will need to accept two invitations.
Guests are a useful way to add people from outside your team or organization.
You can make a file public by editing it’s share settings. Public files are accessible to anyone with the document link, but you can control if you allow file downloads, inspecting and commenting.
-
Where is my payment data stored?
We don’t process or store payment data ourselves, but with our payment providers who are are PCI compliant. Learn more about Stripe and FastSpring’s security and compliance measures.
-
Where does Sketch store my data?
Sketch and our payment providers are hosted on Amazon Web Services, which holds multiple certifications for its data centers — including ISO 27001 compliance, PCI Certification, and SOC2 Certification. Learn more at AWS Security and AWS Compliance.
Currently, we don’t offer an on-premise solution (private cloud), but we are working on providing this option in the future.
-
Is Sketch's data encrypted?
Both our in-transit and at-rest data are encrypted. That includes data in our database, underlying storage, backups, replicas, and snapshots. When we transfer data, we rely on HTTPS with TLS 1.2 or better.
-
Are Sketch's servers protected?
All our servers are protected within our own Virtual Private Cloud (VPC), which is only accessible through secure connections and strict network Access Control Lists.
-
What data regulations does Sketch comply with?
Our privacy policies adhere to the European Union General Data Protection Regulation (GDPR) and to the UK GDPR standards. We uphold those standards and apply them to all of our customers — including those outside of the EU.
For more information on how we collect and process data, please refer to our Data Processing Addendum and to our Privacy Statement. Learn more by reviewing our Terms and Policies.
-
What sub-processors does Sketch use?
We use a number of sub-processors to improve our services to you.
View a full, up-to-date list of sub-processors.
The specifics of data processing — such as its scope and purpose — are governed in our standard Data Processing Addendum (DPA), which is an attachment to our Terms of Service.
-
How does Sketch practice security internally?
We have an in-house security team that looks after security on all levels — from our product and infrastructure, to our team.
We grant employees internal access to Sketch’s system and data on a case-by-case basis, through a strict access request procedure. We only give access to the specific information they need — and we continually review their access.
Every member of our team also participates in mandatory yearly security awareness training. We also train new joiners to make sure they align with Sketch’s understanding and value of security.
-
How does Sketch validate its security methods?
We conduct at least one external penetration test per year to detect and address any potential vulnerabilities. We also encourage public bug bounties to identify and report any potential security concerns via our Responsible Disclosure Policy.
Finally, we also run an ongoing research program where we invite ethical hackers to detect risks or issues within defined contexts. This enables us to monitor and fix their findings year-round.
You can review our full list of security measures to learn more.
-
Where can I find the Terms of Service and other policies?
You can find all of our Terms and Policies on the Legal Page. It includes the following:
Learn more
Take more control over sharing your work in Sketch
Discover how to use My Drafts and project share settings to choose who sees your work — and when.
Can data and ethics live together? How to design with privacy in mind
Spoiler alert — they can, and here’s what designers can do about it.
Restricting access to projects
By default, every Workspace member will be able to see any project along with its documents.
Start creating with peace of mind!
Whether you’re new to Sketch, or back to see what’s new, we’ll have you set up and ready to create your best work in minutes — and with confidence.