Appcues is fully compliant with the GDPR and CCPA, and adheres to the EU-US and Swiss-US Privacy Shield Frameworks.
Appcues has a 2020 SOC 2 Type II report covering Trust Services Principles of Security, Availability, and Confidentiality with no exceptions.
In the unlikely event of a security breach, Appcues will respond rapidly and notify customers as soon as the incident has been contained.
Our data isolation policies distinguish between different levels of data sensitivity and treat the data accordingly.
Data is retained for the life of the customer contract. Appcues will perform data deletion upon request.
Appcues strives to provide 24/7/365 service. A synchronous standby replica of your data is maintained in a different availability zone. Network and incidents are published at https://status.appcues.com/.
All Appcues services and data are protected with strong encryption in transit (using TLS 1.2 and above) and at rest (using AWS KMS and AES-256). All systems are backed up at least every 24 hours. Encrypted data backups are performed nightly.
All Appcues employees are trained and certified on data privacy policies and best practices.
Appcues’ frontend and backend applications, as well as its infrastructure, undergo routine annual pen-tests by independent companies. This is done in addition to Amazon AWS’s own independent tests, periodic internal tests, and 24/7 monitoring of security-related events by a dedicated security team.
The Appcues Platform consists of a web application that delivers content to customer applications, and a software development kit (SDK) that serves that content. Our data is stored in secure environments, completely managed by first-class cloud vendors like Amazon and Google.
At Appcues we take any reports of vulnerabilities seriously. If you encounter a security issue with any of our software or services, please report it to security@appcues.com. We have an internal SLA for responding to such issues, and are committed to responding to and fixing any issues promptly. Please note that it is against our Terms of Service to run automated security scanning tools against our system without prior approval. If you are interested in providing such a service, please contact us at security@appcues.com.
Appcues is committed to protecting your personal information. For more details, please see our Privacy Statement.
The Appcues Platform is designed for redundancy and the expectation that failures will happen. Our web application is hosted separately from our APIs, which are also separate from our databases.
Appcues maintains a comprehensive information security policy, called the “Appcues Security Policy.” All new personnel are required to attend an information security training session during onboarding, and current employees attend an annual training session.
Production data is stored in third-party data center providers such as AWS, and physical data center security is managed by those third parties. Appcues personnel do not have physical access to any critical production systems.
Appcues maintains both business continuity and disaster recovery plans, along with a runbook to facilitate decision-making during critical situations.
Yes, our assessment process includes classifying different types of data, and risk assessing each type individually. More information about the types of data we collect can be found on our privacy page.