Convert's Iron-Clad Security

With Convert, You Invest in an Experimentation Partner That Has a Legacy of Zero Security Breaches.

ISO 27001 Certified by InterCert
SOC 2 Type 2 Compliant
HIPAA Compliant
GDPR Compliant
CCPA Compliant
Zero Data Breach Compliant

Servers & Databases: A Safe Haven for Your Data

We use Amazon Web Services (AWS) for our production servers and databases. AWS takes security seriously - almost as seriously as we do.

Amazon employs cutting-edge data security measures, as well as physical access restrictions at server locations. We also use Hetzner Online GmbH for the login site to be compliant with the GDPR.

Certifications:

We Care. Now You Know.

SOC 2 Type 2 Compliant

Convert is SOC-2 attested, with compliance managed through Sprinto.

PCI-DSS

We follow the principles and standards set out by the PCI Standards Council for storing and handling credit card information. More information is available here.

HIPAA Compliant

Convert is designed to support HIPAA compliance for covered entities and business associates.

ISO 27001 Certified by InterCert

Convert is ISO 27001 certified by InterCert, in accordance with ISO guidelines.

Availability

There for You, Always

We understand that you rely on the Convert Experiences application to improve your website and your business. We're committed to making Convert a highly-available application that you can count on (Check Convert's uptime monitoring page).

Our infrastructure runs on systems that tolerate failures of individual servers or even entire data centers. Our operations team tests disaster-recovery measures regularly and staffs an around-the-clock on-call team to quickly resolve unexpected incidents.

Disaster Recovery

Getting You Back on Track, ASAP

All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over two different availability zones in the eu-west-1 AWS region.

Incident Management & Response

Your Best Interest - First

In the event of a security breach, we will promptly notify you of any unauthorized access to your Customer Data. We have incident management policies and procedures in place to handle such an event.

Pen Testing

For an (Almost) Invulnerable App

We engage independent entities to conduct regular application-level and infrastructure-level penetration tests.

Results of these tests are shared with the Convert Management team. Our Security Team reviews and prioritizes the reported findings and tracks them to resolution. Customers wishing to conduct their own penetration test of the Convert application may request to do so and should contact their account manager to obtain permission from both Convert and Convert’s hosting provider.

OWASP

The OWASP Top-10 covers the most critical Web application security risks.

Bug Bounties

A Proactive Approach

We are interested in actual security, so if someone reports what we feel are both:

  • Serious vulnerabilities (and not just a low/zero-risk XSS), and
  • Discovered during routine use of the application as an actual user – not via a pen test,

we look kindly on the heads-up, and might even send across a thank-you bonus!

Personnel Practices:

Our People are Prepared

All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Convert Experiences services.

Security Policies:

Fair and Secure Use of Resources

  • IT Security Policy: The objective of this security policy is to promote a culture that helps maximise the value of information through its efficient management and secure protection. It also looks to safeguard Convert Insights and the rights of staff and other parties who depend on the information or to whom it relates.
  • Acceptable Usage Policy: This policy is designed to help our staff understand their responsibilities when utilising, accessing or creating content with Convert Insights IT resources or networked services. It clarifies and defines (within reason) what we deem as an acceptable use of these resources.
  • Disaster Recovery and Business Continuity Policy
  • Incident Management and Response Policy

Legal Compliance:

Secure, From Start to Finish

We employ dedicated legal and compliance professionals with extensive expertise in data privacy and security.

These professionals are embedded in the development lifecycle and review products and features for compliance with applicable legal and regulatory requirements.

We also have a business code of conduct that makes legal, ethical and socially responsible choices and actions fundamental to our values and standards for meeting those goals.

Let’s Redefine How Secure Your Testing App Can Be

Book an On-Demand Demo to Learn More About Our Security Measures
