Security at SupaStory
Security is a top priority at SupaStory. We build every layer of our platform with the goal of keeping your data safe, private, and under your control.
Data Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your session data is protected at every stage of its lifecycle.
Privacy by Design
Our SDK anonymizes user data by default. Sensitive form inputs such as passwords and credit card fields are never captured. We also support Subresource Integrity (SRI) so you can verify the SDK script has not been tampered with.
Access Controls
Role-based access control lets you manage who can view sessions and insights. Enterprise plans include SSO integration and detailed audit logs for full visibility into account activity.
Infrastructure
SupaStory runs on SOC 2-compliant infrastructure hosted by leading cloud providers. We perform regular security audits and vulnerability assessments to stay ahead of emerging threats.
Data Retention
Retention periods are configurable per plan. You can request full deletion of your data at any time, and we will process the request promptly in accordance with our policies.
Compliance
SupaStory is GDPR-ready and CCPA-ready. A Data Processing Agreement (DPA) is available for Enterprise customers. We are committed to meeting the regulatory requirements of the regions we serve.
Need Enterprise-grade security?
We offer custom security reviews, DPAs, SSO, audit logs, and dedicated account management for Enterprise customers.
Reach out at hello@supastory.com to learn more.
