Skip to main content
Close PromoBar
Featured webinar: 3 traits of binge-worthy streaming media services, 8/13  Register now    Featured webinar: 3 traits of binge-worthy streaming media services, 8/13
UserTesting

UserTesting Security

We take data safety and security seriously. We protect customer and test participant data using industry-leading controls and systems that prevent unauthorized access, damage, and unintentional deletion.

Download our datasheet
Data hosting and encryption

Data Hosting and Encryption

All confidential and proprietary data (including video files, customer and tester data) is hosted through Amazon Web Services (AWS), a SOC 2 and ISO 27017 certified hosting provider.

All data is encrypted at rest and in transit. Data is stored in encrypted form using 256-bit AES encryption. Encryption keys are managed by AWS Key Management Services.

All communication to and from the data center is encrypted using TLS 1.2 or greater.

Service authentication

Service Authentication

Complex passwords are required for customer and tester access, including built-in password requirements for every Live Conversation session. Users are logged out of the system after periods of inactivity.

Single sign-on

Single Sign-on

UserTesting also supports login via single sign-on using SAML 2.0 protocols. This enables customers to implement additional security requirements for passwords and the login process.

Data Collection

Data Collection

The platform is not designed to collect PII. Rather, we collect a little PII to manage demographics and connect you with the right test subject. We don’t share a subject’s name with you. You only know that they meet your demographic requirement and you see them by their self-selected “handle” or profile name which does not match up with their actual name.

Data Processing

Data Processing

When following instructions during completion of a recorded test, or participating in a live interview session, UserTesting may record some or all of the following:

  • Device screen
  • Voice
  • Camera input (which may include participant’s face)
  • Answers to any questions in the instructions

The resulting video and answers are then available to customers for further processing using the platform including:

  • Note taking
  • Video clip creation
  • Highlight reel creation
  • Machine transcription
  • Sharing of videos (full videos, clips and highlight reels)
  • Downloading of videos (full videos, clips and highlight reels)
  • Downloading of notes, transcripts and links to videos in excel format

While this additional processing is facilitated by the platform, it is completely controlled by the customer.

Disaster Recovery and Business Continuity

Disaster Recovery and Business Continuity

Disaster recovery and business continuity are included as part of UserTesting’s security policy. The platform has been designed to be robust and recoverable.

Compliance certifications and membership

AICPA

Compliant with auditing criteria as developed by the American Institute of CPAs, ensuring customer data is securely managed

Compliant with data protection requirements from the European Economic Area (EEA)

Compliant with data protection requirements
from the European Economic Area (EEA)

Active membership in organization sharing best practices, tools, training, and thought ​​​​​​​leadership on cloud security

Active membership in organization sharing
best practices, tools, training, and thought
leadership on cloud security

UserTesting security team here to help

Our security team is led by the Chief Information Security Officer (CISO) and includes staff 
responsible for ensuring ongoing information security, including:

Physical security, inclusive of annual physical security audits

Physical security, inclusive of annual physical security audits

Active membership in organization sharing best practices, tools, training, and thought leadership on cloud security

Active membership in organization sharing best practices, tools, training, and thought leadership on cloud security

Administration of security training, ensuring all employees are trained on how to best protect confidential information

Administration of security training, ensuring all employees are trained on how to best protect confidential information

Immediate attention to inquiries, potential breaches, or other alerts indicating anomalies or issues

Immediate attention to inquiries, potential breaches, or other alerts indicating anomalies or issues