Convert + Security

Working with Convert isn’t just about ROI. It is about partnering with a brand that’s fully invested in your security.


Servers & Databases: A Safe Haven for Your Data

We use Amazon Web Services (AWS) for our production servers and databases. AWS takes security seriously - almost as seriously as we do.

Amazon employs cutting-edge data security measures, as well as physical access restrictions at server locations. We also use Hetzner Online GmbH for the login site to be compliant with the GDPR.


We Care. Now You Know.


We don’t claim to be SOC compliant, but our datacenter providers are (AWS/Hetzner). Customers interested in SOC reports concerning the cloud infrastructure providers utilized by our services can obtain the reports directly from the respective providers.


We follow the principles and standards set out by the PCI Standards Council for storing and handling credit card information. More information is available here.

HIPAA Non-Compliance

Customers acknowledge that Convert Insights Inc. is not a Business Associate or subcontractor (as those terms are defined in HIPAA) and that the Convert Insights Inc. Services are not HIPAA compliant. “HIPAA” means the Health Insurance Portability and Accountability Act and related amendments and regulations as updated or replaced. “Regulated Data” includes HIPAA-regulated data and data covered under the Gramm-Leach-Bliley Act (or related rules or regulations) as updated or replaced.

ISO 27001

We aren’t ISO 27001 compliant, but our datacenter provider is (AWS). Customers interested in the ISO 27001 report concerning the cloud infrastructure provider utilized by our services can obtain the report directly from the respective provider.


There for You, Always

We understand that you rely on the Convert Experiences application to improve your website and your business. We're committed to making Convert a highly-available application that you can count on (Check Convert's uptime monitoring page).

Our infrastructure runs on systems that are tolerant of failures of individual servers or even entire data centers. Our operations team tests disaster-recovery measures regularly and staffs an around-the-clock on-call team to quickly resolve unexpected incidents.

Disaster Recovery

Getting You Back on Track, ASAP

All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over two different availability zones in the eu-west-1 AWS region.

Incident Management & Response

Your Best Interest - First

In the event of a security breach, we will promptly notify you of any unauthorized access to your Customer Data. We have incident management policies and procedures in place to handle such an event.

Pen Testing

For an (Almost) Invulnerable App

We engage independent entities to conduct regular application-level and infrastructure-level penetration tests.

Results of these tests are shared with the Convert Management team. Our Security Team reviews and prioritizes the reported findings and tracks them to resolution. Customers wishing to conduct their own penetration test of the Convert application may request to do so and should contact their account manager to obtain permission from both Convert and Convert’s hosting provider.


The OWASP Top-10 covers the most critical Web application security risks.

Bug Bounties

A Proactive Approach

We are interested in actual security, so if someone reports what we feel are both:

  • Serious vulnerabilities (and not just a low/zero-risk XSS), and
  • Discovered during routine use of the application as an actual user – not via a pen test,

we look kindly on the heads-up, and might even send across a thank-you bonus!

Personnel Practices:

Our People are Prepared

All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Convert Experiences services.

Security Policies:

Fair and Secure Use of Resources

  • IT Security Policy: The objective of this security policy is to promote a culture that helps maximise the value of information through its efficient management and secure protection. It also looks to safeguard Convert Insights and the rights of staff and other parties who depend on the information or to whom it relates.
  • Acceptable Usage Policy: This policy is designed to help our staff understand their responsibilities when utilising, accessing or creating content with Convert Insights IT resources or networked services. It clarifies and defines (within reason) what we deem as an acceptable use of these resources.
  • Disaster Recovery and Business Continuity Policy
  • Incident Management and Response Policy

Legal Compliance:

Secure, From Start to Finish

We employ dedicated legal and compliance professionals with extensive expertise in data privacy and security.

These professionals are embedded in the development lifecycle and review products and features for compliance with applicable legal and regulatory requirements.

We also have a business code of conduct that makes legal, ethical and socially responsible choices and actions fundamental to our values and standards for meeting those goals.

Let’s Redefine How Secure Your Testing App Can Be

Book an On-Demand Demo to Learn More About Our Security Measures
