Security Statement

Usabilla takes your security and your privacy seriously. Many of our clients require extensive security audits for using Usabilla. We have passed these security audits many times over and receive high praise from large international organizations.

This Security Statement is intended to provide a short transparent view of our security infrastructure and practices to help assure that your data is protected.

Network Security and Architecture
Usabilla systems are housed at third-party service organization data centers and managed service providers located in Europe. These third-party service providers are responsible for the physical, environmental and operational security controls at the boundaries of Usabilla infrastructure. Usabilla is responsible for the logical, network, and application security of our infrastructure housed at third-party data centers. The housed infrastructure is provided by the leading cloud service provider Amazon Web Services (AWS).

Our network security and monitoring techniques are designed to provide multiple layers of protection and defense. Together with AWS, we employ industry-standard protection techniques including firewalls, network vulnerability scanning, network security monitoring, and intrusion detection systems to ensure only eligible and non-malicious traffic is able to reach our infrastructure. At the moment AWS is compliant with, but not limited to, ISO 27001 and SOC 1-3. For more information; AWS Security and AWS Compliance.
Application Security
Products of Usabilla provide multiple features to control and administrate visibility and access to data. These solutions will empower both IT and end users to effectively manage their business and data. These features function in the context of authentication, permissions, access control and privacy control.

Our web interface follows general secure web programing guidelines, as defined in the Open Web Application Security Project (OWASP). To protect data in transit, Usabilla uses Secure Sockets Layer (SSL) / Transport Layer Security (TLS) for data transfer, creating a secure tunnel protected by 256-bit or higher Advanced Encryption Standard (AES) encryption.
Vulnerability Management
Our security team performs automated and manual application security testing and works with third-party specialists on a regular basis to identify and patch potential security vulnerabilities and bugs.

Source code changes are initiated by developers to make enhancements to the Usabilla applications. These changes are checked by code reviews via other internal developers. All changes are stored in a version control system and are required to go through automated Quality Assurance (QA) testing procedures to verify that security requirements are met. If you have questions about Usabilla security, please email us at support@usabilla.com
In Closing
I care deeply about providing our clients with a solution that is not only a joy to use but also one they can wholeheartedly trust. We have incident response policies and procedures in place to address service availability, integrity, security, privacy, and confidentiality matters. Issues reported to security@usabilla.com will be handled with top priority.

Marc van Agteren
CEO, Usabilla.