Skip to content
Independently verified · Quarterly re-audit
EU VETTED

Storyblok

VERIFIED
Headless CMS · Austria
Founded 2017 · storyblok.com ↗

Austrian headless CMS (Linz, est. 2017); ISO 27001, enterprise customers (Disney, Netflix); Brighton Park US-PE led Series C.

In short

Storyblok, in the Headless CMS category, offers EU hosting with Germany as its hosting location, but a US parent or sub-processor leaves material CLOUD Act exposure.

Assessment notes

Storyblok (Linz AT, founded 2017) is ISO 27001 certified with enterprise customer base (Disney, Netflix, Adidas, Renault); $47M Series B 2022 (Mubadala UAE + HV Capital DE + 3VC + firstminute) and $80M Series C led by Brighton Park Capital (US private equity): US-PE-led Series C flips signal to eu_hq_us_funded with material CLOUD Act exposure.

CLOUD ACT
OWNERSHIP
SUB-PROCS
not disclosed
Verified signals
Jurisdiction
  • EU / adequacy hosting
  • EU / adequacy operator
  • No US CLOUD Act exposure
Transparency
  • Public DPA
  • Sub-processors disclosed
  • Open-source clients
  • Third-party certification
JUMP TO
OVERVIEW

About Storyblok

Storyblok (Linz, Austria, founded 2017) positions itself as the "#1 Enterprise Headless CMS" with a visual-editor differentiator (rather than pure-developer-tool positioning). Customers include Disney, Netflix, Oatly, Adidas, Renault, Marc O'Polo, Autodesk, Virgin Media O2. ISO 27001 certified, 99.99% uptime SLA, framework support for Next.js, Astro, Nuxt, React, Vue, Eleventy, Symfony. Funding history: $47M Series B in 2022 led by Mubadala Capital (UAE) and HV Capital (DE) with 3VC and firstminute; $80M Series C subsequently led by Brighton Park Capital (US private equity, Greenwich CT). The US-PE-led Series C is the procurement-grade caveat, flipping ownership_signal from eu_owned to eu_hq_us_funded.

SUB-PROCESSORS

Sub-processor map · not disclosed

Vendor does not publish a sub-processors list. Schrems II compliance and CLOUD Act exposure cannot be independently verified without it.
CERTIFICATIONS

Frameworks & certifications

ISO/IEC 27001
ACTIVE
FEATURES

Capability matrix

Self-hostable No
Version history Yes
GraphQL API Yes
REST API Yes
Visual editor Yes
Localization (i18n) Yes
Media library Yes
API / webhooks Yes
INTEGRATION & ACCESS
REST API Yes
SSO (SAML / OIDC) Yes
COMPLIANCE & GOVERNANCE
Audit log Yes
Self-host / on-prem option No
PRICING

Pricing & tiers

FREEMIUM
Custom pricing

Contact vendor for tier or volume pricing.

View pricing page ↗
PUBLIC DOCUMENTS

Public documents

  • Data Processing Addendum (DPA)
    www.storyblok.com/legal…
    Open ↗
  • Sub-processors list
    www.storyblok.com/legal…
    Open ↗
ALTERNATIVES

Alternatives in this category

DatoCMS
Italy · Founded 2015
EU-BASED

Italian developer-friendly headless CMS (Milan); 25K+ businesses; bootstrapped feel, no US PE.

Public DPA Sub-processors Open source
FROM
€39/mo
CLOUD ACT
MINOR
Enonic
Norway · Founded 2000
EU-HOSTED

Norwegian headless/hybrid CMS (Oslo, est. 2000); founder-owned, ISO 27001 + 9001 certified; but managed Enonic Cloud runs on Google Cloud + Azure + Fastly.

Public DPA Sub-processors Open source
FROM
CLOUD ACT
MATERIAL
Hygraph
Germany · Founded 2017
EU-BASED

Berlin GraphQL-native headless CMS (formerly GraphCMS, founded 2017); enterprise clients incl. Samsung, LEGO; mostly EU-funded.

Public DPA Sub-processors Open source
FROM
€39/mo
CLOUD ACT
MINOR