Our datacenters maintain ISO27001, SOC 1 Type II, and PCI compliance among other industry-standard certifications.
You can request our full security kit toward the bottom of this page.
We send data over HTTPS (an encrypted channel) to our platform and allow you to disable tracking of keystrokes in all form fields, disable keystrokes in specific form fields, and exclude/replace content shown in your HTML.
We also salt and hash passwords (using PBKDF2) and offer two-factor authentication.
We use internal and third-party systems to monitor the confidentiality, integrity, and availability of our platform. If an incident occurs, a team of engineers is alerted immediately. And, if needed, we'll alert you (the client) without delay.
We conduct routine vulnerability scans and penetration tests, and ensure our development efforts follow industry-standard guidelines/best practices.
We follow formal documents to ensure consistency and reliability in our security. This includes requiring all employees to abide by our information security policy, insisting on SLAs (where possible), and maintaining a formal business continuity/disaster recovery plan.
Your data is isolated in either our European (Amsterdam) or United States (Virginia) datacenter, based on where you sign up. We never transmit or store data outside of the European Union or United States, respectively.
The Mouseflow US Data Center is HIPAA compliant. Mouseflow Enterprise customers are provided BAAs and direct access to work with our legal and compliance team.
We lease our own dedicated (iron) servers. We don't use any cloud or shared hosting across our platform.
Physical Security
Request the Mouseflow Security Kit
We’ll include copies of audits, certificates, policies and more.