Useberry Legal
The information provided here is for Useberry customers and users who have questions about our terms and policies.
Security
Infrastructure & Network Security
Our platform is built on the world-class Google Cloud Platform (GCP), inheriting its massive scale and hardened security layers.
Secure Data Centers: All data is hosted in GCP data centers featuring 24/7 physical security, biometric access, and advanced environmental controls. GCP continuously expands its compliance programs; for more details, please visit https://cloud.google.com/compliance/.
Network Isolation: We utilize GCP’s Virtual Private Cloud (VPC) and firewalls to restrict public access. Production databases are isolated from the public internet and require unique authentication.
Continuous Scanning: We use active discovery tools and automated security scanners to identify and remediate infrastructure vulnerabilities in real time.
Endpoint Protection: All team devices are managed via MDM (Mobile Device Management) with full-disk encryption, active firewalls, and anti-malware deployed.
Data Management & Encryption
Your data is protected both in transit and at rest using industry-standard protocols.
Encryption at Rest: Our primary databases and all backups are fully encrypted using AES-256 or equivalent industry-standard algorithms.
Encryption in Transit: All web traffic (including our REST API, web app, and public site) is served exclusively over HTTPS (TLS 1.2+).
Payment Security: Useberry does not store credit card or payment information. All transactions are handled by Stripe, a PCI-DSS Level 1 service provider. Details about their security posture and PCI compliance can be found at https://stripe.com/docs/security/.
Technical Session Identifiers: To maintain tester anonymity while ensuring study integrity, we use temporary, pseudonymous IDs without collecting PII.
Access Control & Organizational Security
Security is a core part of our company culture, starting with the people who build and support Useberry.
Zero-Trust Principles: We enforce Multi-Factor Authentication (MFA) for all critical services. Access is granted on a "least-privilege" basis and is regularly reviewed.
Employee Vetting: Every Useberry employee undergoes a thorough background check (to the extent permitted by law) and signs a legally binding confidentiality agreement.
Security Training: Our team undergoes regular security awareness training to stay ahead of evolving cyber threats.
Offboarding: We maintain a strict offboarding process that immediately revokes all system access for departing personnel.
Compliance & Certifications
We don’t just claim to be secure; we prove it through industry-standard frameworks and third-party validation.
| Framework | Status | Description |
|---|---|---|
| SOC 2 Type II | In Progress | Independently audited for Security, Availability, and Confidentiality. |
| GDPR | Compliant | Dedicated to protecting the privacy and data rights of EU citizens. |
Monitoring & Incident Response
We take a proactive stance on threat detection and disaster recovery.
Audit Logging: We maintain comprehensive audit logs for all system activities, which are collected and stored securely for forensic review.
Incident Response: We have an established Incident Response Policy and a dedicated team ready to react to and notify stakeholders of any security events.
Business Continuity and Disaster Recovery (BCDR): We perform automated daily backups and maintain a formal Disaster Recovery plan to ensure high availability and data integrity, even in the event of a regional outage.
Vulnerability Disclosure: We conduct regular penetration testing and remediate findings promptly to ensure our defenses remain impenetrable.
Transparency & Resources
For enterprise customers and partners who require deeper documentation, our Trust Center provides on-demand access to:
Formal Policies: Acceptable Use, Access Management, and Asset Management.
Architecture Diagrams: Detailed data-flow and infrastructure maps.
Audit Reports: Request access to our SOC 2 reports and compliance documentation.
Last updated on February 26, 2026.