“Every employee at UserIQ is committed to maintaining a safe and secure platform for our customers.”
– Aaron Aycock, Founder and Chief Product Officer
Trust is a core principle of UserIQ. Our commitment to customer privacy and security directs the decisions we make on a daily basis. Trust is the responsibility of each and every employee and one we take seriously.
As an extension of your product, protecting your customer data is important to us. We take special care to make sure your data is protected using industry-leading best practices.
UserIQ offers a secure, reliable, and scalable platform that will not impact your site’s performance. All UserIQ servers, databases, and storage tiers are hosted and managed within highly secured data centers.
Here’s how we do it:
- Customer data sent to UserIQ will always be stored and hosted in a secure, private space.
- Customer data is encrypted at rest.
- UserIQ employs full HTTPS/TLS compliance across all network calls for both internal and external APIs.
- We follow industry-leading best practices for data security.
For our European clients, UserIQ provides top-of-the-line protection of data without it leaving the sovereignty of the European Union. UserIQ is EU-U.S. Privacy Shield compliant across our entire European tech stack.
To check systems status for UserIQ at any time, visit status.useriq.io.
Where does UserIQ store my data?
Most customer data is stored in U.S.-based AWS data centers that are managed and secured by Amazon. If your company operates in the EU, we offer a Privacy Shield compliant data stack located in Germany. You will, by default, be placed in our U.S.-based data stack. Please contact your Account Executive if you are interested in migrating your data to the EU.
How does UserIQ encrypt my data, both in transit and at rest?
Data in transit always requires an encrypted SSL connection using HTTPS/TLS. This is true for both external and internal API calls. Data at rest is encrypted using industry-standard AES-256.
Does UserIQ collect any personally identifying information (PII)?
The only identifying information that UserIQ requires is a unique user ID for your end users. All other information is optional (but will provide for richer analysis and segmentation). UserIQ does not collect any user-entered form field text in your application. You should avoid sending any of the following types of sensitive personal information to UserIQ: government-issued identification numbers; specific financial information (such as credit or debit card numbers, any related security codes or passwords, and bank account numbers); information related to an individual’s physical or mental health; and information related to the provision or payment of health care.
Will UserIQ delete my data? Can I implement a retention policy for the data?
UserIQ does not delete data while customer accounts are active. Data can be deleted on a schedule to support a custom retention policy, but this requires a request with the details.
Does UserIQ use open source software?
Yes. Almost every software vendor today uses open source software in some fashion. To ensure security, we have an automated process that scans and reports any known vulnerabilities in our third-party libraries. If a vulnerability is found, it is patched immediately as part of our normal build and release process.
Security Assessments and Compliance
UserIQ’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
All of our service providers are Privacy Shield certified vendors. UserIQ has met all Privacy Shield requirements and is currently awaiting certification.