Star us on GitHub
Star
Menu

Compliance & Security

Security Certifications

We take compliance and security very seriously at highlight.io. We officially have a SOC 2 Type2 report, GDPR compliance and are currently in the process of attaining HIPAA.

Requesting information

If you're evaluating highlight.io at your company and want to request documentation of any of our certifications, request a DPA, or have questions on the security end, please shoot us an email at security@highlight.io.

Subprocessors

Below is a list of our subprocessors:

SubprocessorProcessing UsageCountry of location
Amazon Web Services (AWS)Data hosting and processingUSA
GoogleData StorageUSA
MixpanelAnalyticsUSA
HubspotCRM, Marketing AutomationUSA
IntercomSupport ServicesUSA
SendgridEmail DeliveryUSA
StripePayment ProcessingUSA
ClickhouseData storageUSA

If you're using the highlight.io browser client and would like to avoid requesting cookie consent from your users, you can pass the storageMode: 'sessionStorage' option to H.init to make sure that highlight will not persist any data in window.localStorage. This will mean that if a user leaves your site and returns later, a new highlight recording will start regardless of the time since they left, since we will not persist any metadata in the browser.