Join us every Wednesday for a weekly live demo of Heap

Security & compliance

Security and Compliance

Heap’s world-class security measures ensure your data stays protected and trustworthy. Read on to learn more.

Commitment to security

Heap's Commitment to Security

Heap takes the security seriously. We invest in security technology, certifications, and human training, then back up those defenses with compliance certifications and white hat attacks.

Watch the video to see how Heap keeps E-Trade’s data safe.





Comprehensive security

GDPR Compliance

Heap takes a proactive approach to privacy. In addition to internal policies, personnel training, a Secure User Deletion API, and GDPR compliant data processing agreements, Heap has an on staff Data Protection Officer. For more info on our GDPR processes check out our blog.

Security Monitoring

Security is our top priority. We get binannual pen tests from third-party auditors. We also have an Intrusion Detection System that proactively monitors our application servers and infrastructure. Additionally, we enforce security training and compliance from all employees. For more information about our security and compliance policies, contact

Customer Configuration


Culture of security

Data Protection Officer

Heap has an on-staff Data Protection Officer (DPO) to manage personnel security compliance and training. This DPO also oversees Heap’s proactive approach to privacy, security, and governance concerns and has both CIPP/E and CIPM certifications.

Policies and Procedures

Our policies ensure that we comply with applicable standards and regulations and offer business continuity and customer notification plans to satisfy your requirements.

Physical Security

Heap is hosted in a SOC 2 certified facility. Physical access is strictly controlled by professional security staff, state-of-the-art intrusion detection system, and other electronic means. All staff must badge in and all visitor access to Heap is monitored and stored in auditable logs.

Personnel Security

All Heap employees undergo security awareness training and are continuously updated on information security awareness via newsletters and relevant security notifications. Information security practices are reinforced through constant testing that mimics real attacks.


Getting started is easy

Interested in a demo of Heap’s Product Analytics platform?