The secure solution for user research
User Interviews takes security seriously. Just ask our many enterprise customers who trust us with their data. You can research with confidence knowing that we follow industry best practices and have robust controls and processes in place to secure your data.
We’re the secure and reliable platform for research recruiting and panel management.
an illustration of a person fighting off a large dinosaur with a shield and sword
ISO Mark 27701-2019SOC certification logoISO Mark 27001
Application Security

Our application is built to be robust, reliable and secure

teal hand-drawn check mark
SOC 2 certification
User Interviews is SOC 2 Type II certified. This means we have undergone a third party information security audit and provided evidence of effective controls to mitigate risks relating to security, availability, processing integrity, confidentiality, and privacy. Contact us for our latest report.
hand-drawn teal award ribbon
ISO 27001 and ISO 27701 certification
User Interviews is ISO 27001 and ISO 27701 certified. This means we have undergone a third party security and privacy audit and achieved internationally recognized standards for an effective information security and privacy management system (ISPMS). Contact us for our certificate.
a piece of paper with an end html tag
Secure development process
All code is developed to be secure, performant, and maintainable. We use modern tools and frameworks to limit exposure to OWASP Top 10 security risks. We limit access to production servers, maintain separate environments for testing and staging, and conduct manual code review and automated testing.
a lock with a password displayed as asterisks
Data encryption
Customer data is encrypted at rest using AES-256 encryption and encrypted in transit using TLS 1.2 or 1.3. Encryption keys are managed by Heroku and AWS. User passwords are salted and hashed. Learn more about our approach to information security.
a key
SSO Support
Log in to User Interviews using your own authentication infrastructure with Single Sign-On (SSO) capabilities.
hand-drawn icon of a smartphone with a lock on the screen
Two-Factor Authentication
Email 2FA is triggered for logins from new devices, and devices that have been inactive for longer than 30 days.
an award with two ribbon tails
99% uptime guarantee
We commit to 99% uptime and responses to technical support requests within 24 business hours. Learn more about the terms of our SLA.
Network Security

Our cloud network provides a world-class standard of security

a house with a lock on it
Secure infrastructure
All of our data is stored securely with cloud service providers, Heroku and AWS. Our data centers are SOC 2 and ISO 27001 certified, and servers are located within the United States.
two arced arrows in a circle shape
Continuous backups
Through Heroku, we run continuous backups of our database. We are able to restore our production database to any point in time within the last 7 days.
a security camera
Automated monitoring
We use Cloudflare’s enterprise-grade Web Application Firewall to protect against attacks. We invest in automated monitoring and anomaly detection, and keep audit logs of events to help identify, investigate, and recover from unauthorized activity.
a shield with a cog on it
Annual penetration tests
A third-party provider performs annual penetration tests to confirm there are no vulnerabilities in our application network. Contact us for our latest test report.
Organizational Security

Our organization maintains strict protocols to keep us all safe

a fingerprint
Background checks
All employees who have access to customer data are required to undergo background checks, in accordance with local laws.
a handshake
Confidentiality agreements
All employees and contractors are required to sign confidentiality agreements prior to their start date.
a computer monitor with a person giving a presentation
Security awareness training
We conduct company-wide information security awareness training annually and regularly reinforce security protocols through internal communication channels.
an ID badge
Limited employee access
We use the principle of least privilege to define data access. Access is reviewed when employees change roles, and is immediately terminated when employees leave the company.
icon of a desktop screen with a lock on it
Device management
All devices issued to employees that connect to our platform or to any cloud services storing our data use fully-encrypted hardware, up-to-date firewalls, malware and antivirus protection. Restricted data is never stored on mobile devices.
Frequently asked questions
Have questions about security? We've done our best to anticipate your questions below. Our friendly sales team is happy to talk to you anytime, just book a time to chat.
Does User Interviews have any security certifications?
User Interviews has successfully completed a SOC 2 Type II audit. We are also ISO/IEC 27001:2022 and ISO/IEC 27701:2019 certified.
Where can I learn more about security and privacy?
You can learn more about our approach to security and privacy by reviewing our Technical and Organizational Security Measures and our Privacy Policy.
Who can I contact with feedback about security?
If you have any questions or comments regarding our security controls or policies, please send us an email at security@userinterviews.com.
How does User Interviews approach GDPR?
We’re committed to helping companies everywhere align themselves with GDPR and other data privacy regulations. We help our customers protect their users’ privacy through application features and resources. Learn more about our approach to GDPR and data protection.
Does User Interviews have a bug bounty program / voluntary disclosure policy?
We take security seriously and welcome the contribution of external security researchers to help us ensure the security and privacy of our users. Please review our Voluntary Disclosure Policy to learn more.