Cornerstones of Heap’s Commitment to Security
A Secure Platform
Heap takes the security of our technology and human systems seriously. We invest in security technology, certifications, and human training. We back up those defenses with compliance certifications and white hat attacks.
Safeguard your customers’ data with automatic PII detection, custom install configurations, and a Secure Delete User API. All data sent to Heap is encrypted using TLS.
Stay up-to-date with privacy legislation and policy compliance. Heap is both SOC 2 and GDPR compliant. Heap’s data infrastructure partners hold industry-leading security certifications such as SOC 2 and ISO 27001.
With Heap, you always have access to a complete, retroactive dataset. Heap’s 100% data collection uptime ensures access to the data you need, when you need it.
Control and organize who can access and modify your product data with customizable permissions and role-based access. Efficiently manage your data with audit trails, version control, and low-data-volume alerting.
See How Heap Helps Companies Stay Secure
Comprehensive Security & Rigorous Compliance
A Secure Foundation
Reduce data complexity, securely. We invest heavily in securing our infrastructure, and Heap is certified to the highest industry standards across the globe.
Heap takes a proactive approach to privacy. In addition to internal policies, personnel training, a Secure User Deletion API, and GDPR-compliant data processing agreements, Heap has an on-staff Data Protection Officer. For more info on our GDPR processes, check out our blog.
Security is our top priority. We get biannual pen tests from third-party auditors. We also have an Intrusion Detection System that proactively monitors our application servers and infrastructure. Additionally, we enforce security training and compliance from all employees. For more information about our security and compliance policies, contact firstname.lastname@example.org.
Heap encrypts all data entering or leaving Heap infrastructure with TLS/HTTPS. Additionally, all of our databases (all located in AWS) are encrypted at rest. Each account’s data is logically separated, and access to your data is protected by strong authentication and authorization controls.
Heap offers a number of custom configuration settings to avoid capturing PII. In addition to a built-in PII detector (which we actively monitor), Heap lets you disable all text capture and prevent data collection on any given element.
A SECURE CULTURE
Company Culture Rooted in Security
Heap complements technical defenses with security awareness, comprehensive policies, and robust processes.
Data Protection Officer
Heap has an on-staff Data Protection Officer (DPO) to manage personnel security compliance and training. This DPO also oversees Heap’s proactive approach to privacy, security, and governance concerns and has both CIPP/E and CIPM certifications.
Policies and Procedures
Our policies ensure that we comply with applicable standards and regulations and offer business continuity and customer notification plans to satisfy your requirements.
Heap is hosted in a SOC 2 certified facility. Physical access is strictly controlled by professional security staff, a state-of-the-art intrusion detection system, and other electronic means. All staff must badge in, and all visitor access to Heap is monitored and stored in auditable logs.
All Heap employees undergo security awareness training and are continuously updated on information security awareness via newsletters and relevant security notifications. Information security practices are reinforced through constant testing that mimics real attacks.