Secure Cloud Printing, Without the Infrastructure Risk

ezeep renders print jobs in the cloud using a virtual printer driver (ThinPrint Output Gateway), so no manufacturer-specific drivers are installed on user devices. This eliminates the attack surface that PrintNightmare (CVE-2021-34527) and the 29 subsequent Windows Print Spooler vulnerabilities rely on. No drivers to update, no drivers to compromise, no Point and Print Restrictions to manage.

ezeep encrypts all print data in transit using TLS 1.3 (minimum TLS 1.2), uses outbound-only connectivity that eliminates inbound network exposure, and supports Pull Printing for secure document release at the printer. Print jobs are deleted from the server after successful delivery. GDPR compliance is built in, reporting can be anonymized, and ISO 27001 certification is in progress. For detailed controls and compliance documentation, see the Security and Compliance page.

Print jobs are deleted from the server after successful delivery to the printer. Pull Printing jobs that are not released are automatically deleted after 72 hours. No documents are retained on local endpoints or in the cloud after completion. The ezeep Hub communicates using outbound-only connections, so no print data passes through inbound firewall ports.

Pull Printing holds every job in a secure cloud queue until the user walks to a printer and authenticates via QR code scan or RFID/NFC card tap. Nothing prints until someone is standing at the device. This prevents sensitive documents from HR, legal, finance, and healthcare from sitting unattended on shared output trays. Pull Printing is available on Business and Enterprise plans.

ezeep runs on Microsoft Azure infrastructure. Print data is encrypted in transit and at rest, and jobs are deleted after successful delivery. For details on data residency regions, Azure compliance certifications, and the full security architecture, visit the dedicated Security and Compliance page.