Technical and Organizational Security Measures

Last updated: July 1, 2025

All capitalized terms used but not defined herein have the meaning set forth in the commercial services agreement and/or terms between User Interviews, Inc. (“UI”) and Customer (the “Agreement”).

UI has implemented and maintains an information security program designed to provide a secure technology environment and to protect the Services and Customer Data against accidental, unlawful or unauthorized access, use, destruction, loss, disclosure, or alteration. UI’s approach to security and data protection incorporates both technical controls and organizational processes designed to implement the information security principles of confidentiality, integrity, and availability. These technical and organizational measures include the following:

Security and Privacy Certifications

UI receives an annual SOC 2 Type II report attesting to the suitability of the design and operating effectiveness of its security controls. UI is also ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certified, meaning that UI has undergone a third-party security and privacy audit and achieved internationally recognized standards for an effective information security and privacy management system (ISPMS). Please visit UI’s Trust Center to download UI’s latest SOC 2 Type II report and ISO 27001 & 27701 certificates.

Security and Privacy Policies

UI maintains and follows documented information security and privacy policies and practices that are mandatory for all User Interviews employees, including supplemental personnel. At least annually, UI reviews its policies and amends them as appropriate to maintain the security and privacy of Customer Data and the Services in accordance with industry standards. Please visit UI’s Trust Center to download UI’s security policies.

Physical and Endpoint Security

UI is a fully remote organization and does not directly manage any data centers or other physical premises. UI’s data center provider, Amazon Web Services (AWS), employs physical and environmental controls that meet or exceed industry standards and adhere to SOC 2 Type II and ISO 27001 certification standards. For more information, please visit https://aws.amazon.com/compliance/data-center/.

UI employees are required to secure their physical workspaces and laptops in compliance with applicable company policies. In addition, UI implements protections on employee laptops, including antivirus/anti-malware software, firewalls, screen lock requirements, hard disk encryption and appropriate patch levels. Laptops intended for reuse are securely sanitized prior to reuse, and laptops not intended for reuse are securely destroyed in accordance with UI’s asset management procedures.

System and Network Security

UI, together with its infrastructure providers, employs controls designed to secure systems and networks, including: centralized logging of all system activity, configured to generate alerts for unusual activity; risk-based review procedures for alerts generated from such centralized logging; tools to prevent deployment of common types of malware, including ransomware; segregation of development and staging environments from production environments; network configuration and hardening measures; technical vulnerability management controls; risk management procedures including annual risk assessments; and data loss prevention rules to detect and block sending data via email.

Vulnerability scans are run on internal systems at least monthly, and an independent third party performs a penetration test of all public-facing systems at least annually. Please visit UI’s Trust Center to download UI’s latest penetration test report.    

Secure Development 

All software developers are required to adhere to UI’s documented standards for secure software development and must complete a secure coding training annually. UI-developed software is version controlled and synced between contributors (developers). Access to the central repository is restricted based on an employee’s role. All code is written, tested, and saved in a local repository before being synced to the origin repository. All code changes are required to follow formal change control procedures, including senior engineer approval, a process for testing changes, security testing, system acceptance testing, and a process for remediating unsuccessful changes.

Encryption of Customer Data

Customer Data is encrypted at rest on UI’s AWS-based infrastructure using AES 256, and endpoint devices utilize disk encryption using either AES 128 or AES 256. Customer Data is encrypted in transit using TLS 1.3 (or 1.2 if the end-user’s browser does not support 1.3).

Access Control

UI determines the type and level of access granted to personnel based on the principle of least privilege. Single sign-on, two-factor authentication, and complex password requirements are in place to enforce secure authentication. All user access requests are documented and can be granted only by authorized administrators. Access rights are reviewed at least quarterly for high-risk systems, at least annually for all systems, and as part of any job role change. Access is promptly disabled when there is no longer a business requirement for it.

UI segregates Customer Data at the application layer and logs access to any assets containing Customer Data. Every web request is authenticated and authorized to access that data. UI ensures that when Customers input data, it is segregated from other customers’ data based on their authenticated request. UI prohibits the use of any removable media storage (e.g., flash drives, CDs, etc.) to process or store any Customer Data and blocks the ability to write to removable media storage on employee laptops.

Personnel and Subcontractors

During onboarding and annually thereafter, all UI employees are required to complete an information security and privacy awareness training and to review and certify their compliance with all UI policies. During offboarding, employees are reminded of any ongoing data protection and confidentiality obligations.

Background verification checks are conducted for all UI employees in accordance with applicable laws and regulations, as well as for any independent contractors with access to Customer Data or technical privileged or administrative access to UI production systems. All UI employees, including supplemental personnel, are subject to contractual obligations of confidentiality.  

For all third parties who may access Customer Data, appropriate due diligence is performed prior to provisioning access or engaging in data processing activities. Such third parties are bound by written agreements that include appropriate confidentiality and non-disclosure obligations as well as commitments regarding the integrity, availability, privacy and/or security controls (as appropriate) that meet or exceed the standards and requirements set forth herein. UI remains responsible for all acts or omissions of its subcontractors.

Availability and Resilience

UI uses an industry-recognized data center provider (AWS) with ISO 27001 and SOC 2 certifications to achieve high availability and resilience. UI maintains and follows documented business continuity and disaster recovery policies and procedures, which are reviewed and tested at least annually. Backups are taken and stored in accordance with data classification and retention requirements to enable restoration. UI’s Recovery Point Objective (RPO) is 2 hours and its Recovery Time Objective (RTO) is 12 hours.

Data Management

UI classifies data and information systems in accordance with legal requirements, sensitivity, and business criticality in order to ensure that information is given the appropriate level of protection. Customer Data is afforded the highest level of protection by UI.

Customer Data is retained for as long as reasonably necessary to provide the Services or as required by law. Following termination of a customer agreement, UI will delete Customer Data in accordance with the agreement. Notwithstanding the foregoing, UI may retain Customer Data to the extent required by applicable law, provided that such data will be securely isolated and protected from any further processing, except to the extent required by applicable law.

Voluntary Disclosure Policy

UI welcomes the contribution of external security researchers to help ensure the security and privacy of its users. The policy is available at https://www.userinterviews.com/voluntary-disclosure-policy. 

Incident Response

UI maintains and follows documented incident response policies and procedures, which are reviewed and tested at least annually. UI will promptly notify affected parties and regulatory agencies of relevant security incidents to the extent required by, and in accordance with, UI’s policies, contractual commitments, and/or legal or regulatory requirements.

© 2025 User Interviews Inc.  All rights reserved.