Compliance & Security
Security Certifications
We take compliance and security very seriously at highlight.io. We officially have a SOC 2 Type2 report, GDPR compliance and are currently in the process of attaining HIPAA.
Requesting information
If you're evaluating highlight.io at your company and want to request documentation of any of our certifications, request a DPA, or have questions on the security end, please shoot us an email at security@highlight.io.
Subprocessors
Below is a list of our subprocessors:
Subprocessor | Processing Usage | Country of location |
---|---|---|
Amazon Web Services (AWS) | Data hosting and processing | USA |
Data Storage | USA | |
Mixpanel | Analytics | USA |
Hubspot | CRM, Marketing Automation | USA |
Intercom | Support Services | USA |
Sendgrid | Email Delivery | USA |
Stripe | Payment Processing | USA |
Clickhouse | Data storage | USA |
Avoiding Cookie Consent (disabling localStorage)
If you're using the highlight.io browser client and would like to avoid requesting cookie consent from your users,
you can pass the storageMode: 'sessionStorage'
option to H.init
to make sure that highlight will not persist
any data in window.localStorage
. This will mean that if a user leaves your site and returns later, a new
highlight recording will start regardless of the time since they left,
since we will not persist any metadata in the browser.