Security & Privacy

Trust is the foundation of everything we do. We've built UserView with security and privacy at its core, ensuring your data is protected at every step of your customer support journey.

SOC 2 Type II Certified
ISO 27001 Compliant
GDPR Ready
HIPAA Compliant

Security Philosophy & Culture

Security isn't an afterthought—it's built into our DNA

Security at UserView isn't an add-on—it's the foundation. Every feature is designed, built, and run with a security-first mindset, reinforced by continuous employee training, strict data-governance, and industry-standard frameworks.

Trusted by hundreds of support and sales teams—including in highly regulated sectors—our cobrowsing platform consistently meets or exceeds the toughest data-protection requirements to safeguard your information and earn your confidence.

Data Protection & Privacy

Your data is encrypted, minimized, and controlled with military-grade security

Smart Data Masking

Our intelligent data masking technology automatically identifies sensitive information like SSNs and credit card data, while giving you complete control to mask any form input or page section you choose. Whatever you mask never touches our servers.

Automatically Masked Data

  • • Social Security Numbers (SSNs)
  • • Credit card numbers and CVV codes

Custom Masking Options

  • • Any form input or field
  • • Entire page sections or elements
  • • CSS selector-based targeting

Configuration Methods

  • • Dashboard configuration for easy setup
  • • Direct code implementation for maintainability
  • • Audit trail for masking configuration changes

🔒 Security Guarantee: Masked data never reaches our servers

Encryption Standards

  • In Transit: TLS 1.2+ encryption for all data transmission
  • At Rest: AES-256 encryption for stored data
  • End-to-End: Complete encryption pipeline from browser to server
  • Role-Based Access: Granular permissions for team members
  • Data Masking: Automatic hiding of sensitive information
  • Audit Logging: Complete activity tracking and monitoring

Privacy Compliance

UserView commits to processing customer data only under documented instructions, prohibits the handling of sensitive data, and ensures that any subprocessors meet equivalent data protection standards.

GDPR Compliance

Full compliance with European data protection regulations

CCPA Ready

California Consumer Privacy Act compliance and controls

HIPAA Compliant

Healthcare data protection for medical organizations

Infrastructure & Network Security

Enterprise-grade cloud infrastructure with global reach and redundancy

Global server locations map showing UserView's worldwide infrastructure

Global Server Network

We deploy servers across multiple geographic regions to deliver fast, low-latency performance to users worldwide, no matter where they're located.

Virginia, USPrimary
Oregon, USWest Coast
Frankfurt, GermanyEurope
SingaporeAsia Pacific
London, UKEurope West
São Paulo, BrazilSouth America

Cloud Security

Hardened Environments

SOC 2-compliant AWS data centers with optional on-premise deployment for maximum control

Network Isolation

Dedicated VPCs with segregated production and development environments

Access Management

Least-privilege IAM policies with mandatory multi-factor authentication

Backup & Recovery

We perform regular backups and maintain a tested disaster recovery plan, so your data remains safe and recoverable in the unlikely event of system failure.

An on-premise option allows you to host the data on your servers, meaning user's data never touches ours.

Application Security

Secure development lifecycle with continuous testing and monitoring

Secure SDLC

Security considerations built into every phase of our development process

Code Analysis

Automated static and dynamic analysis tools scan for vulnerabilities

Dependency Management

Software composition analysis monitors third-party components

Penetration Testing

Regular testing by certified third parties validates our security posture

Compliance & Certifications

Independently verified security controls and compliance standards

SOC 2 Type II

Audited, monitored by Drata, live SOC2 reporting available

ISO 27001

International standard for information security management systems

GDPR Ready

Full compliance with European data protection regulations and rights

HIPAA

Healthcare data protection compliance for medical organizations

Incident Response & Business Continuity

Prepared for any scenario with documented procedures and 24/7 monitoring

24/7 Monitoring & Response

Our security team maintains round-the-clock monitoring with documented incident response procedures. We have defined Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) to ensure rapid restoration of services.

  • Automated threat detection and alerting
  • Defined escalation procedures for different incident types
  • Regular incident response training and tabletop exercises
  • Customer notification protocols for security events

Business Continuity

We conduct quarterly disaster recovery drills to ensure our backup and recovery procedures work as expected. All backups are encrypted and stored across multiple geographic locations.

Recovery Targets

  • • RTO: 4 hours
  • • RPO: 1 hour
  • • Backup frequency: Every 24 hours

Testing Schedule

  • • Quarterly DR drills
  • • Monthly backup verification
  • • Annual business continuity review

Customer Controls & Shared Responsibility

Granular controls to meet your organization's specific security requirements

Available Controls

  • Single Sign-On (SSO): Integrate with your existing identity provider
  • IP Allow-lists: Restrict access to approved network ranges
  • Data Retention: Custom policies for data lifecycle management
  • Field Masking: Configure which elements to hide during sessions
  • Session Recording: Enable or disable recording functionality

Granular Access Controls

Per-Session Controls

  • • Disable remote control for specific sessions
  • • Set read-only mode for sensitive pages
  • • Configure element-level interaction permissions
  • • Enable/disable screen recording per session

Per-Agent Permissions

  • • Role-based cobrowsing capabilities
  • • Restrict access to specific page sections
  • • Control which agents can initiate sessions
  • • Audit trail for all agent actions

Page-Level Configuration

  • • Disable cobrowsing on sensitive pages
  • • Configure element-specific masking rules
  • • Set interaction boundaries and restrictions
  • • Custom security policies per domain/subdomain

Contact & Further Information

Get in touch with our security team or download detailed documentation

Security Contact

For security inquiries, vulnerability reports, or compliance questions:

Documentation

Access detailed security white papers, policies, and compliance reports:

SOC 2 reports available under NDA

Questions About Security?

Our security team is happy to discuss your specific requirements and answer any questions about our security practices, compliance status, or implementation details.

Ready to Transform your Customer Support?

Join hundreds of companies using UserView to deliver faster, more effective customer support experiences.

Customer support team with headsets working at computers
Book a Demo