Mouseflow Security Program

On this page, you'll find an overview of our Security program. You can also request the Mouseflow Security Kit at the bottom of this page.
Audits & Certifications

Our datacenters maintain ISO27001, SOC 1 Type II, and PCI compliance among other industry-standard certifications.

You can request our full security kit toward the bottom of this page.

Data Security

We send data over HTTPS (an encrypted channel) to our platform and allow you to disable tracking of keystrokes in all form fields, disable keystrokes in specific form fields, and exclude/replace content shown in your HTML.

We also salt and hash passwords (using pbkdf2) and offer two-factor authentication.

Monitoring & Testing

We use internal and third-party systems to monitor the confidentiality, integrity, and availability of our platform. If an incident occurs, a team of engineers is alerted immediately. And, if needed, we'll alert you (the client) without delay.

We conduct routine vulnerability scans, penetration tests, and ensure our development efforts follow industry-standard guidelines/best practices.

Policies & Procedures

We follow formal documents to ensure consistency and reliability in our security. This includes requiring all employees to abide by our information security policy, insisting on SLAs (where possible), and maintaining a formal business continuity/disaster recovery plan.

US/EU Datacenters

Your data is isolated in either our European (Amsterdam) or United States (Virginia) datacenter, based on where you sign up. We never transmit or store data outside of the European Union or United States, respectively.

Healthcare Compliance

The Mouseflow US Data Center is HIPAA compliant. Mouseflow Enterprise customers are provided BAAs and direct access to our work with our legal and compliance team.

Dedicated Servers

We lease our own dedicated (iron) servers. We don't use any cloud or shared hosting across our platform.

Request the Mouseflow Security Kit

We’ll include copies of audits, certificates, policies and more.

Privacy protection

Global data protection

Dive even deeper and learn about our commitment to GDPR, CCPA compliance, and more.
Learn more about privacy