
Heap Trust Center

Creating a secure experience to deliver data you trust.

    Cornerstones of Heap’s Secure Platform

    • Reliability


      Don’t lose precious time or resources because of data blackouts. With Heap, you always have access to a complete, retroactive dataset. Heap’s 100% data collection uptime coupled with autocapture grants your team access to the data you need, when you need it.

    • Compliance


      Stay up to date with new privacy legislation and policy compliance. Heap is both SOC 2 and GDPR compliant. Additionally, Heap partners with Amazon Web Services (AWS) to store data. AWS is a leading cloud infrastructure provider and holds industry-leading security certifications such as SOC 2 and ISO 27001.

    • Privacy


      Protect your customers' data and privacy. Heap has features such as automatic PII detection, custom install configurations, and a Secure Delete User API. All data sent to Heap is encrypted using TLS.

    • Governance


      Control who can access and modify your user data. Heap's data management solution enables you to organize your personnel with customizable permissions and role-based project access. Efficiently manage your data with audit trails, version control, and low-data-volume notifications.

    Want more answers to your security questions?

    Get in touch with our security team.

    Our Secure Foundation

    • GDPR Compliance

      Heap has taken a proactive approach to privacy. In addition to internal policies, personnel training, a Secure User Deletion API, and GDPR-compliant data processing agreements, Heap has an on-staff Data Protection Officer to ensure we can continually offer you a better experience. For more info on our GDPR processes, check out our blog.

    • Security Monitoring

      Security is our top priority. Third-party auditors perform regular penetration tests for us, biannually. We also have an Intrusion Detection System in place that proactively monitors our application servers and infrastructure. Additionally, we enforce security training and compliance for all employees. For more information about our security and compliance policies, contact dpo@heap.io.

    • Infrastructure

      Heap stores all customer data in AWS infrastructure in the AWS east region. AWS is a best-in-class cloud infrastructure provider that complies with industry-leading security and compliance standards. AWS has SOC 1, SOC 2, and SOC 3 reports, as well as ISO 9001, ISO 27001, ISO 27017, and ISO 27018 certificates. For more information, see the AWS compliance documentation.

    • Encryption

      Heap encrypts all data entering or leaving Heap infrastructure with TLS/HTTPS. Additionally, all of our databases (all located in AWS) are encrypted at rest. Furthermore, each account’s data is logically separated, and access to your data is protected by strong authentication and authorization controls.

    • Heap Custom Configurations

      Heap offers a number of custom configuration settings to avoid capturing any PII. In addition to a built-in PII detector (which we actively monitor), Heap enables you to disable all text capture and prevent any data collection on any given element.

    • Permissions and Authentication

      Heap has strong controls in place to ensure only authorized users can access your data. In addition to SSO/2FA, enforceable session disconnects, 5 default permission levels, and role-based access, Heap can offer audit logs and customizable permission configurations.

    Security in Heap’s Culture

    • Data Protection Officer

      Heap has an on-staff Data Protection Officer (DPO) who manages personnel security compliance and training. This DPO also oversees Heap’s proactive approach to privacy, security, and governance concerns and has both CIPP/E and CIPM certifications.

    • Policies and Procedures

      Our policies ensure we comply with applicable standards and regulations, and also mean we have business continuity and customer notification plans that satisfy your requirements.

    • Physical Security

      Heap is hosted in a SOC 2 certified facility. Physical access is strictly controlled by professional security staff, a state-of-the-art intrusion detection system, and other electronic means. Authorized staff must badge in, and all visitor access to Heap is monitored and stored in auditable logs.

    • Personnel Security

      All Heap employees sign an employee handbook that includes security compliance and acceptable use policies. Employees also undergo security awareness training and are continuously updated on information security awareness via newsletters and relevant security notifications.

    Key Resources:

    For additional information regarding our policies visit the links below: