Star us on GitHub

Compliance & Security

Security Certifications

We take compliance and security very seriously at We officially have a SOC 2 Type2 report, GDPR compliance and are currently in the process of attaining HIPAA.

Requesting information

If you're evaluating at your company and want to request documentation of any of our certifications, request a DPA, or have questions on the security end, please shoot us an email at


Below is a list of our subprocessors:

SubprocessorProcessing UsageCountry of location
Amazon Web Services (AWS)Data hosting and processingUSA
GoogleData StorageUSA
HubspotCRM, Marketing AutomationUSA
IntercomSupport ServicesUSA
SendgridEmail DeliveryUSA
StripePayment ProcessingUSA
ClickhouseData storageUSA

If you're using the browser client and would like to avoid requesting cookie consent from your users, you can pass the storageMode: 'sessionStorage' option to H.init to make sure that highlight will not persist any data in window.localStorage. This will mean that if a user leaves your site and returns later, a new highlight recording will start regardless of the time since they left, since we will not persist any metadata in the browser.