Data Security

The UserVoice platform is hosted in multiple data centers on the Google Cloud Platform (GCP).

UserVoice‘s hosting provider GCP meets rigorous privacy and compliance standards.

Details can be found on GCP's Security and Data Compliance Page. In summary, the platform is SSAE16 / ISAE Type II compliant, ISO 27001 certified, ISO27017 certified, ISO27018 certified, and PCI DSS v3.2 compliant.

SSAE 16

Access to all UserVoice servers is secure.

  • Firewalls are set to default-deny. The only services that are allowed are SSH (all servers; non-standard port) and HTTPS (web servers only).
  • Database connections are only accepted from other UserVoice servers on a private subnet.
  • All communication with servers (outside of public HTTPS access) is over encrypted secure shell (SSH) and password authentication is disabled. SSH authentication is available only via public/private key authentication.
  • In-depth information on our SSL implementation is available via this Qualys SSL Report on UserVoice.
  • Access for internal employees to individual servers, where allowed, is only available through a VPN that enforces 2 Factor Authentication.

UserVoice servers and software are running the latest versions of software and security patches.

  • We strive to keep all server software on the latest version; however, when that‘s not possible we do ensure that the latest security patches are installed/up to date. This is reviewed monthly (though patches are often installed as soon as they come out).

UserVoice is written to protect against common attacks.

UserVoice software is written using common libraries to protect against SQL Injection, XSS Vulnerabilities, and other common exploits. We scan our application both statically (against known vulnerabilities in libraries and common patterns) and dynamically (using Qualys application scanning) regularly. Our application is also subject to a third party penetration test, conducted annually.

Your data is stored securely.

All of the data we store is encrypted at rest, and personally identifiable information is additionally hashed using bcrypt.

Your access to UserVoice is secure.

All access to your UserVoice admin console (yourdomain.uservoice.com/admin) is always over a secure (SSL encrypted) connection.

Your user's access to UserVoice is secure.

All connections to our web portal are secured over an SSL encrypted connection, including all widgets which customers use to submit tickets or capture feedback.

Access is logged.

Server access logs for auditing are kept for 7 days. Access logs for web servers are kept for 396 days.

Data is co-mingled but secure.

UserVoice is a multi-tenant SaaS solution: customer data is co-mingled on the same database tables, but all data is scoped by an account ID to ensure that one account cannot access data of another account. Unit, functional, and integration tests are run continuously on our CI servers to ensure that it‘s not possible for account data to leak.

Development and test environments do not use customer data.

We use fake customer data in those environments.

Nightly backups are stored offsite and encrypted.

  • A live backup is performed in near real-time.
  • Backups are always full backups of all tables in the UserVoice MySQL database.
  • Backups do not include secondary data (like pageview tracking, denormalized reporting data) that is stored in various other data stores.
  • Backups are done nightly and encrypted with a shared password and stored offsite.
  • Backups are tested and restored daily.
  • Backups are kept for 30 days.
  • Backups are never kept on portable/removable media.

Deleted data is retained for up to 60 days.

Some data that‘s deleted in the UserVoice system is soft deleted and can be recovered inside of 30 days. After 30 days, that data is hard deleted and can only be recovered via full backup for another 30 days.