Cornerstones of Heap’s Commitment to Security
A Secure Platform
Heap takes the security of our technology and human systems seriously. We invest in security technology, certifications, and human training. We back up those defenses with compliance certifications and white hat attacks.
Privacy
Safeguard your customers’ data with automatic PII detection, custom install configurations, and a Secure Delete User API. All data sent to Heap is encrypted using TLS.
Compliance
Stay up-to-date with privacy legislation and policy compliance. Heap is both SOC 2 and GDPR compliant. Heap’s data infrastructure partners hold industry-leading security certifications such as SOC 2 and ISO 27001.
Reliability
With Heap, you always have access to a complete, retroactive dataset. Heap’s 100% data collection uptime ensures access to the data you need, when you need it.
Governance
Control and organize who can access and modify your product data with customizable permissions and role-based access. Efficiently manage your data with audit trails, version control, and low-data-volume alerting.
See How Heap Helps Companies Stay Secure
Testimonials
Comprehensive Security & Rigorous Compliance
A Secure Foundation
Reduce data complexity, securely. We invest heavily in securing our infrastructure, and Heap is certified to the highest industry standards across the globe.
GDPR Compliance
Heap takes a proactive approach to privacy. In addition to internal policies, personnel training, a Secure User Deletion API, and GDPR compliant data processing agreements, Heap has an on staff Data Protection Officer. For more info on our GDPR processes check out our blog.
Security Monitoring
Security is our top priority. We get binannual pen tests from third-party auditors. We also have an Intrusion Detection System that proactively monitors our application servers and infrastructure. Additionally, we enforce security training and compliance from all employees. For more information about our security and compliance policies, contact dpo@heap.io.
Encryption
Heap encrypts all data entering or leaving Heap infrastructure with TLS/HTTPS. Additionally, all of our databases (all located in AWS) are encrypted at rest. Each account’s data is logically separated, and access to your data is protected by strong authentication and authorization controls.
Custom Configurations
Heap offers a number of custom configuration settings to avoid capturing PII. In addition to a built-in PII detector (which we actively monitor), Heap lets you disable all text capture and prevent data collection on any given element.
A SECURE CULTURE
Company Culture Rooted in Security
Heap complements technical defenses with security awareness, comprehensive policies, and robust processes.
Data Protection Officer
Heap has an on-staff Data Protection Officer (DPO) to manage personnel security compliance and training. This DPO also oversees Heap’s proactive approach to privacy, security, and governance concerns and has both CIPP/E and CIPM certifications.
Policies and Procedures
Our policies ensure that we comply with applicable standards and regulations and offer business continuity and customer notification plans to satisfy your requirements.
Physical Security
Heap is hosted in a SOC 2 certified facility. Physical access is strictly controlled by professional security staff, state-of-the-art intrusion detection system, and other electronic means. All staff must badge in and all visitor access to Heap is monitored and stored in auditable logs.
Personnel Security
All Heap employees undergo security awareness training and are continuously updated on information security awareness via newsletters and relevant security notifications. Information security practices are reinforced through constant testing that mimics real attacks.