Heap Trust Center

Security & Compliance

Heap provides world-class security measures to ensure your data stays protected and trustworthy.


Cornerstones of Heap’s Commitment to Security

A Secure Platform

Heap takes the security of our technology and human systems seriously. We invest in security technology, certifications, and human training. We back up those defenses with compliance certifications and white hat attacks.


Privacy

Safeguard your customers’ data with automatic PII detection, custom install configurations, and a Secure Delete User API. All data sent to Heap is encrypted using TLS.

Compliance

Stay up-to-date with privacy legislation and policy compliance. Heap is both SOC 2 and GDPR compliant. Heap’s data infrastructure partners hold industry-leading security certifications such as SOC 2 and ISO 27001.

Reliability

With Heap, you always have access to a complete, retroactive dataset. Heap’s 100% data collection uptime ensures access to the data you need, when you need it.

Governance

Control and organize who can access and modify your product data with customizable permissions and role-based access. Efficiently manage your data with audit trails, version control, and low-data-volume alerting.


Comprehensive Security & Rigorous Compliance

A Secure Foundation

Reduce data complexity, securely. We invest heavily in securing our infrastructure, and Heap is certified to the highest industry standards across the globe.


GDPR Compliance

Heap takes a proactive approach to privacy. In addition to internal policies, personnel training, a Secure User Deletion API, and GDPR-compliant data processing agreements, Heap has an on-staff Data Protection Officer. For more information on our GDPR processes, check out our blog.

Security Monitoring

Security is our top priority. We get biannual pen tests from third-party auditors. We also have an Intrusion Detection System that proactively monitors our application servers and infrastructure. Additionally, we enforce security training and compliance from all employees. For more information about our security and compliance policies, contact dpo@heap.io.

Encryption

Heap encrypts all data entering or leaving Heap infrastructure with TLS/HTTPS. Additionally, all of our databases (all located in AWS) are encrypted at rest. Each account’s data is logically separated, and access to your data is protected by strong authentication and authorization controls.

Custom Configurations

Heap offers a number of custom configuration settings to avoid capturing PII. In addition to a built-in PII detector (which we actively monitor), Heap lets you disable all text capture and prevent data collection on any given element.

A Secure Culture

Company Culture Rooted in Security

Heap complements technical defenses with security awareness, comprehensive policies, and robust processes.

Data Protection Officer

Heap has an on-staff Data Protection Officer (DPO) to manage personnel security compliance and training. This DPO also oversees Heap’s proactive approach to privacy, security, and governance concerns and has both CIPP/E and CIPM certifications.

Policies and Procedures

Our policies ensure that we comply with applicable standards and regulations and offer business continuity and customer notification plans to satisfy your requirements.

Physical Security

Heap is hosted in a SOC 2 certified facility. Physical access is strictly controlled by professional security staff, a state-of-the-art intrusion detection system, and other electronic means. All staff must badge in, and all visitor access to Heap is monitored and stored in auditable logs.

Personnel Security

All Heap employees undergo security awareness training and are continuously updated on information security awareness via newsletters and relevant security notifications. Information security practices are reinforced through constant testing that mimics real attacks.

Resources

Key Resources

For additional information regarding our policies or to get in touch, please visit these links.
