Ultimaker Cloud security

Ultimaker Cloud contains user-submitted information across several services. These services support functionality in Ultimaker Cura, Ultimaker Connect and other products.

All information submitted to Ultimaker Cloud is strictly confidential and is only shared with Ultimaker or trusted third parties to offer end-user functionality (like remote printing) after the user gives explicit consent by means of OAuth 2.0. All data is encrypted in transit and at rest.

Ultimaker has taken industry-leading measures to ensure that intellectual property is kept secure. More information can be found in the chapters about network and data center security.

Download this information as a PDF

Data sharing

Ultimaker Cloud hosts separate types of information: public, private, and private until consent is given.

  • Public information refers to information like your username, which is public when using products like the Ultimaker Marketplace and Ultimaker Community
  • Private information refers to information such as your email address, password, or usage patterns. This information is always kept private
  • Private until consent is given applies to data being shared with applications of third parties that integrate with the Ultimaker Cloud by means of OAuth 2.0. Users will be presented with a screen that explains which data they are sharing and who they are sharing it with

More details about how Ultimaker handles customer data and privacy can be found in our privacy policy.

Network security

All cloud-based data, including but not limited to 3D files, G-code, Ultimaker Connect group statuses, and Ultimaker Marketplace source files, use secure HTTPS connections using industry standard 4096 bit RSA encryption. You can find a full report here.

Note: This does not include data that is only handled by on-premise software like Ultimaker Cura and Ultimaker Connect. Connections between workstations running Ultimaker Cura and Ultimaker Connect within a Local Area Network are not encrypted.

Data center security

Ultimaker Cloud stores all data using Google Cloud Platform (GCP). With GCP the data is stored redundantly across multiple devices across multiple environmentally controlled facilities. These facilities use multiple levels of biometric security for physical access, as well as full encryption and sharding of all data at rest. You can find more detailed information about Google data center security here.

All Ultimaker Cloud data centers are located in the European Union.

Application security

Ultimaker ensures that our cloud applications and services are secure by constant maintenance and automated security testing. These procedures include ensuring that all data center software is up-to-date, all application dependencies are up-to-date and scanning for known vulnerabilities and exploits.

Internal controls

Ultimaker grants access to stored data internally by using the “principle of least privilege” through appropriate access control roles on a “need to know” basis. All user-sensitive information is redacted in application logging to ensure no engineers get access to this information. All application code has been reviewed by at least one other engineer than the original author to ensure the quality and security of the code. Furthermore, our automated deployments prevent engineers from running unsafe application software manually in production without going via the proper processes.

Canceling your account

In the event that an Ultimaker account is canceled, the account’s data will be deleted as part of the cancelation process. If you wish to migrate or download your data you can arrange for this service prior to cancellation. Deleted data is unrecoverable by design.

For more detailed information about security in the Ultimaker Cloud, please contact us at any time via [email protected]