Evermuse

    Security & Trust

    Your customers shared it in confidence.
    We treat it that way.

    Evermuse handles some of the most sensitive data a product team owns — real customer conversations. We built enterprise-grade security in from day one: SOC 2 Type 2 certified, GDPR compliant, and continuously monitored, so your security team can say yes.

    SOC 2 Type 2 Certified · GDPR Compliant · Drata Monitored

    • SOC 2 T2: Independently audited certification
    • AES-256: Encryption standard at rest & in transit
    • 0: Customer data breaches, ever
    • 30 days: Max time to honor data deletion requests

    Certifications & Compliance

    Verified by independent auditors

    Compliance isn't a checkbox for us — it's a continuous practice. Our controls are tested by third-party auditors and monitored around the clock.

    SOC 2 Type 2

    Certified

    Independently audited by Sensiba LLP. Our controls for security, availability, and confidentiality are verified — not self-attested.

    Report available under NDA for enterprise evaluations.

    GDPR

    Compliant

    Full compliance with EU data protection requirements. We serve as Data Processor; you remain Data Controller. DPA available on request.

    Data Processing Agreement (DPA) available on request.

    Continuous Compliance

    Drata Monitored

    Our security posture is monitored in real time by Drata, the leading compliance automation platform. Controls are always on, not just at audit time.

    Live compliance dashboard available to enterprise customers.


    Security Controls

    Defense in depth

    Security isn't a single feature — it's a layered practice. We've built controls at every layer of the stack so that no single failure exposes your data.

    Encryption Everywhere

    All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Your customer conversations never travel or sit unprotected.

    SSO & MFA

    Support for enterprise SSO via SAML 2.0 and OIDC (Google, Okta, Azure AD). Multi-factor authentication enforced across all accounts.

    Role-Based Access Control

    Granular RBAC lets admins control who sees what. Workspace isolation ensures each team's data remains completely separate.

    Secure Cloud Infrastructure

    Hosted on AWS in SOC 2-compliant regions. Continuous monitoring, automated backups, and 99.9% uptime SLA.

    Audit Logs

    Full activity audit trails for enterprise customers. Know exactly who accessed what data, when, and from where.

    Vulnerability Management

    Regular penetration testing, automated SAST/DAST scanning, and a responsible disclosure program to help us stay ahead of threats.

    Data Handling

    Your data is yours. Full stop.

    We are the custodians of your customer conversations, not the owners. That means you stay in control — of access, of retention, of deletion. Here's exactly how we handle the data you trust us with.

    • Your data is never used to train AI models — not ours, not third-party providers'
    • Customer conversation data is isolated per workspace with strict tenant boundaries
    • You can export or delete all your data at any time from your account settings
    • Data is retained only as long as needed; deletion requests are honored within 30 days
    • Sub-processors are disclosed publicly and reviewed before onboarding
    • Data residency options available for enterprise customers in the EU and US

    Responsible Disclosure

    Found a vulnerability? We want to hear from you.

    We run a responsible disclosure program and welcome security researchers. Send findings to security@evermuse.com. We acknowledge every report within 2 business days, investigate thoroughly, and credit researchers who help us improve.


    FAQ

    Security questions, answered

    Yes. The full report is available to enterprise evaluators under NDA. Reach out to security@evermuse.com or contact your account team to request access.

    No. Your data is never used to train AI models — neither our own nor those of third-party AI providers we work with. We have contractual commitments from all AI sub-processors prohibiting this.

    Yes. We support SAML 2.0 and OIDC-based SSO with providers including Google Workspace, Okta, and Azure AD. SSO is available on Business and Enterprise plans.

    Data is stored in AWS data centers in the United States (us-east-1). EU data residency is available for enterprise customers — contact us to configure this.

    We maintain an incident response plan that includes immediate containment, root-cause analysis, and notification to affected customers within 72 hours — consistent with GDPR requirements. We have never had a breach of customer data.

    Yes. You can export and delete all your data at any time via account settings. Enterprise customers can also request a certified deletion confirmation. We honor all deletion requests within 30 days.

    Yes. We welcome responsible disclosure of security vulnerabilities. Please send findings to security@evermuse.com. We review every report, respond within 2 business days, and recognize researchers who help us stay secure.

    Email security@evermuse.com with "DPA Request" in the subject line. We'll send a signed DPA within one business day.

    Enterprise Evaluations

    Security review?
    We've done this before.

    Our security team works directly with your InfoSec and legal teams. We'll provide the SOC 2 report, complete your vendor questionnaire, and get you to a signed DPA — usually within a week.


    security@evermuse.com · SOC 2 report available under NDA · DPA signed within 24 hours

    © 2026 Usermuse, Inc. All rights reserved.