Userlane Trust Center

Information about Userlane's security, privacy, and compliance.

Security Overview

Compliance

Userlane is certified for implementation of information security management standards. Userlane exemplifies its commitment to providing a secure product and fulfilling customer needs from both business and security compliance standpoints by receiving ISO/IEC 27001 certification. ISO 27001 is the international standard for information security. It provides a framework for information security management practices and helps organizations establish, implement, operate, monitor, review, maintain and improve an information security management system (ISMS). ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data. Userlane undergoes yearly external audits and quarterly internal audits as part of its ISO 27001 certification.

Userlane is a certified partner of Microsoft.

Microsoft Azure is certified with ISO 27001 – a common standard in the industry. Since the beginning of 2017, Microsoft Azure has also been certified with ISO 27018 – a new standard for the protection of personal data in the cloud.

Infrastructure & hosting information

Userlane decided to work with Microsoft Azure to ensure the strict security and compliance requirements of our enterprise and public service clients are met and allow us to provide a scalable, frictionless service at a global scale.

By joining forces with the industry leader Microsoft, Userlane can rely on a proven security architecture: Over 3,500 dedicated Microsoft cybersecurity professionals help protect, detect, and respond to threats.

All of Userlane’s databases, application servers and network infrastructure are hosted by Microsoft Azure. By relying on Microsoft, Userlane can leverage significant investments that have been made towards the security and compliance of data centers.

Userlane uses Microsoft Azure’s Europe West region (Amsterdam, Netherlands) by default. A US data center option is available upon request. To ensure that the data cannot be used without authorization or passed on, we have also contractually limited the use of the services to the EU region and regulated the access options accordingly. This also applies in the case of maintenance.

Userlane is committed to an uptime SLA of 99.5%. The infrastructure of Microsoft Azure is built for availability, which allows us to guarantee 99.5% availability. This permits less than 4 hours of unavailability per month. In the past, our performance has regularly surpassed this minimum threshold.

Userlane works with Azure Network Security Groups to ensure that services running within the Azure environment are accessible only to the networks that need them. Access to the network ports of each service is restricted so that only services that need access can reach them.

Data at rest: All databases use “at rest” encryption, meaning data can only be read if proper authentication takes place on the respective database system. The files in which the data is stored are encrypted so that they can only be accessed by database systems holding the appropriate decryption keys. Userlane uses AES-256 encryption for all data at rest, with encryption keys securely managed via Azure Key Vault to ensure strict access controls and auditability.

Data in transit: Userlane applies transport encryption whenever data is transmitted over an insecure or public network (e.g., outside the virtual private cloud). The type of transport encryption depends on the encryption requested by the client system. Userlane supports TLS 1.3 and TLS 1.2 for data in transit. This ensures data confidentiality and integrity during transmission.

Backups: Userlane runs continuous backups of databases. For databases that support point-in-time recovery, these backups can restore the state to any specific time, down to the second. Other databases are backed up at regular intervals. The backups are stored in the same region. Backups are retained for 30 days. These backups are treated as sensitive data. Only specific personnel can access these backups after an internal authorization process.

Resources

Read Microsoft’s Whitepaper about Microsoft Azure Security, Privacy, Compliance

Userlane works with recognized security experts and researchers. Together we aim for the highest possible security of our systems. Userlane performs penetration tests on a yearly basis. Userlane’s contractor Cobalt maintains a core of 200+ highly vetted, certified security researchers. Identified vulnerabilities are remediated based on severity: critical issues are addressed immediately, high-severity within 30 days, and medium-severity within 60 days.

Userlane uses various monitoring tools to ensure maximum availability, performance and security of the application. The monitoring includes but is not limited to the following parameters:

Availability: Availability of the application / Accessibility of backend systems and services

Resources: CPU utilization / Utilization of network interfaces / Utilization of persistent and volatile storage

Performance: Response times of the application / Response times of backend systems / Query times for database contents

Security: Update status of systems / Error logs / Access logs

Userlane Security Contact: security(at)userlane.com

Legal

Subprocessors

Data Processing Agreement

Master Services Agreement

Privacy Policy

Service-Level Agreement

Contact email: legal@userlane.com

Cyber Insurance

Userlane GmbH maintains the following insurance relevant to cybersecurity and business continuity. Current policy documentation is available upon request from your Account Executive.

  • Cyber incident response and crisis management
  • Privacy, breach notification, and data liability
  • System damage and business interruption
  • Threat and extortion liability

Copyright

The content and works created by the site operators on these pages are subject to German copyright law. Duplication, processing, distribution, or any form of commercialization of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator. Downloads and copies of this site are only permitted for private, non-commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is identified as such. Should you nevertheless become aware of a copyright infringement, please inform us accordingly. If we become aware of any infringements, we will remove such content immediately.

Liability for content

As a service provider, we are responsible for our own content on these pages in accordance with general legislation pursuant to Section 7 (1) of the German Telemedia Act (TMG). According to §§ 8 to 10 TMG, however, we are not obligated to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to general laws remain unaffected. However, liability in this regard is only possible from the point in time at which a concrete infringement of the law becomes known. If we become aware of any such infringements, we will remove this content immediately.

FAQs

Is Userlane deployed securely?

Userlane offers flexible deployment options to suit different IT environments. Our most scalable option is the browser extension, which can be rolled out centrally across your organisation via Enterprise Policies, with user authentication handled through SSO and no changes to your applications required. For teams that prefer to embed Userlane directly into their application, we also offer a JavaScript snippet, which is added to the application’s source code and loads Userlane at runtime.

What data does Userlane collect?

Userlane collects the data needed to deliver in-app guidance, measure adoption, and provide analytics insights. This includes user interaction events (such as clicks, page views, and navigation patterns through HEART Analytics), content engagement metrics (guides, tooltips, announcements, surveys), and where enabled, application usage data through App Discovery. Userlane does not collect passwords, form-field input values, or the contents of files within your applications. Customers control what is captured through Userlane’s analytics privacy settings.

Where is data stored?

Userlane offers two data residency options, selected at account setup: EU (Microsoft Azure “Europe West”, Netherlands) for GDPR compliance, and US (Microsoft Azure “East US”, Virginia) for CCPA compliance. Data is fully segregated between regions. All data is encrypted at rest using AES-256 and in transit using TLS 1.2/1.3.

Where can I find information about Userlane’s uptime and downtimes?

We recommend checking out our Status Page. This will give you the ability to subscribe for updates, view uptimes, be informed of any outages, and view historical data.

Where can I find Userlane’s Data Processing Addendum?

Userlane’s Data Processing Addendum (DPA) can be found here.

How does Userlane encrypt data?

Userlane encrypts data in transit using TLS 1.2/1.3 and at rest using AES-256 encryption through Microsoft Azure storage encryption mechanisms.

Where can I learn more about the Userlane product?

Check out our Knowledge Center, which has lots of great articles, resources, how-tos, and guidance about how to use Userlane. If you still need additional help, you can always reach out to our support team directly in product, or by sending an email to support@userlane.com.
