Security & Privacy
Trust is the foundation of everything we do. We've built UserView with security and privacy at its core, ensuring your data is protected at every step of your customer support journey.
Security Philosophy & Culture
Security isn't an afterthought—it's built into our DNA
Security at UserView isn't an add-on—it's the foundation. Every feature is designed, built, and run with a security-first mindset, reinforced by continuous employee training, strict data-governance, and industry-standard frameworks.
Trusted by hundreds of support and sales teams—including in highly regulated sectors—our cobrowsing platform consistently meets or exceeds the toughest data-protection requirements to safeguard your information and earn your confidence.
Data Protection & Privacy
Your data is encrypted, minimized, and controlled with military-grade security
Smart Data Masking
Our intelligent data masking technology automatically identifies sensitive information like SSNs and credit card data, while giving you complete control to mask any form input or page section you choose. Whatever you mask never touches our servers.
Automatically Masked Data
- • Social Security Numbers (SSNs)
- • Credit card numbers and CVV codes
Custom Masking Options
- • Any form input or field
- • Entire page sections or elements
- • CSS selector-based targeting
- • Block-level redaction using the
no-upscopeCSS class
Configuration Methods
- • Dashboard configuration for easy setup
- • Direct code implementation for maintainability
- • Audit trail for masking configuration changes
🔒 Security Guarantee: Masked data never reaches our servers
Encryption Standards
- • In Transit: TLS 1.2+ encryption for all data transmission
- • At Rest: AES-256 encryption for stored data
- • End-to-End: Complete encryption pipeline from browser to server
- • Role-Based Access: Granular permissions for team members
- • Data Masking: Automatic hiding of sensitive information
- • Audit Logging: Complete activity tracking and monitoring
Privacy Compliance
UserView commits to processing customer data only under documented instructions, prohibits the handling of sensitive data, and ensures that any subprocessors meet equivalent data protection standards.
GDPR Compliance
Full compliance with European data protection regulations
CCPA Ready
California Consumer Privacy Act compliance and controls
HIPAA Compliant
Healthcare data protection for medical organizations
Infrastructure & Network Security
Enterprise-grade cloud infrastructure with global reach and redundancy
Global Server Network
We deploy servers across multiple geographic regions to deliver fast, low-latency performance to users worldwide, no matter where they're located.
Cloud Security
Hardened Environments
SOC 2-compliant AWS data centers with optional on-premise deployment for maximum control
Network Isolation
Dedicated VPCs with segregated production and development environments
Access Management
Least-privilege IAM policies with mandatory multi-factor authentication
Backup & Recovery
We perform regular backups and maintain a tested disaster recovery plan, so your data remains safe and recoverable in the unlikely event of system failure.
An on-premise option allows you to host the data on your servers, meaning user's data never touches ours.
Application Security
Secure development lifecycle with continuous testing and monitoring
Secure SDLC
Security considerations built into every phase of our development process
Code Analysis
Automated static and dynamic analysis tools scan for vulnerabilities
Dependency Management
Software composition analysis monitors third-party components
Penetration Testing
Regular testing by certified third parties validates our security posture
Compliance & Certifications
Independently verified security controls and compliance standards
SOC 2 Type II
Audited, monitored by Drata, live SOC2 reporting available
ISO 27001
International standard for information security management systems
GDPR Ready
Full compliance with European data protection regulations and rights
HIPAA
Healthcare data protection compliance for medical organizations
Incident Response & Business Continuity
Prepared for any scenario with documented procedures and 24/7 monitoring
24/7 Monitoring & Response
Our security team maintains round-the-clock monitoring with documented incident response procedures. We have defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to ensure rapid restoration of services.
- Automated threat detection and alerting
- Defined escalation procedures for different incident types
- Regular incident response training and tabletop exercises
- Customer notification protocols for security events
Business Continuity
We conduct quarterly disaster recovery drills to ensure our backup and recovery procedures work as expected. All backups are encrypted and stored across multiple geographic locations.
Recovery Targets
- • RTO: 4 hours
- • RPO: 1 hour
- • Backup frequency: Every 24 hours
Testing Schedule
- • Quarterly DR drills
- • Monthly backup verification
- • Annual business continuity review
Customer Controls & Shared Responsibility
Granular controls to meet your organization's specific security requirements
Available Controls
- SAML/SSO: Enterprise single sign-on with SAML 2.0 support for seamless integration with identity providers like Okta, Azure AD, and OneLogin
- IP Allow-lists: Restrict access to approved network ranges
- Data Retention: Custom policies for data lifecycle management
- Field Masking: Configure which elements to hide during sessions
- Session Recording: Enable or disable recording functionality
Granular Access Controls
Per-Session Controls
- • Disable remote control for specific sessions
- • Set read-only mode for sensitive pages
- • Configure element-level interaction permissions
- • Enable/disable screen recording per session
Per-Agent Permissions
- • Role-based cobrowsing capabilities
- • Restrict access to specific page sections
- • Control which agents can initiate sessions
- • Audit trail for all agent actions
Page-Level Configuration
- • Disable cobrowsing on sensitive pages
- • Configure element-specific masking rules
- • Set interaction boundaries and restrictions
- • Custom security policies per domain/subdomain
Contact & Further Information
Get in touch with our security team or download detailed documentation
Security Contact
For security inquiries, vulnerability reports, or compliance questions:
Documentation
Access detailed security white papers, policies, and compliance reports:
SOC 2 reports available under NDA
Questions About Security?
Our security team is happy to discuss your specific requirements and answer any questions about our security practices, compliance status, or implementation details.
Ready to Transform your Customer Support?
Join hundreds of companies using UserView to deliver faster, more effective customer support experiences.
