A year of experience data: how does your site compare? Discover the 2025 Digital Experience Benchmark Report.
Download the Report
Content Square Logo

Security at Contentsquare

View and download our security, privacy and legal documentation.

View our documentation
View our documentation

Cloud Security, Infrastructure and Architecture

CS Live Icon
Cloud Provider

Contentsquare leverages third-parties as cloud providers benefiting from state-of-the-art facilities and strict security controls in place. The cloud provider manages the physical and environmental security of facilities and the logical security of high level services that Contentsquare relies on.

AWS EU pipeline: Production in AWS Ireland, Backup in AWS Stockholm. AWS US pipeline: Production in AWS North Virginia, Backup in AWS Oregon.

Azure EU pipeline: Production in Ireland and backup in Netherlands. Azure US pipeline: Production in Virginia and backup in Washington.

Product Updates Icon
Cryptography

We do not process nor store confidential data. However, strong cryptographic mechanisms are in place to ensure data in-transit and at-rest security:

Data in transit is encrypted and secured from the user's browser to the application via TLS (ranked A by Qualys SSL labs)

VPN and SSH for technical administratives accesses Data at rest encrypted with AES 256

Autocapture Icon
Security Testing

Annual penetration test targeting our infrastructure and public facing services is conducted by external security specialists.

Monthly scans and cloud compliance assessments are also performed. As well, we have a bug bounty program in place.

Bi-weekly vulnerability scans.

Public bug bounty in place.

Errors Icon
Backup & Disaster Recovery

Contentsquare provides disaster recovery and business continuity through multiple means:

Use of several Availability Zones in the region

Use of an "infrastructure as code" paradigm which allows rebuilding a full platform from scratch

Replication of data in a backup region

Compliance

Contentsquare is ISO 27001 certified and holds a SOC 2 Type 2 report

  • Image - ISO 27701 color

    ISO 27701

  • Image - ISO27001 Color

    ISO 27001

  • STAR level one

    STAR

  • AICPA-SOC-2-badge-rgb

    AICPA SOC 2

  • hipaa logo

    HIPAA

Product Security

  • Journeys Icon
    SDLC (Software Development Life Cycle)

    Before deployment, new developments are qualified, reviewed and automatically tested through our code quality pipeline which validates that the version conforms with our standards in terms of functionality, code coverage, performance and security.

  • Increase Lifetime Icon
    Application Authentication

    Strong password policy is in place. Single Sign-On is available. The supported protocol is SAML 2.0.

    We support two types of authentication: - Standard authentication (12 characters minimum length, complexity options and CAPTCHA), - SAML SSO v2.0 (complexity rules are imposed by the customer's IDP).

    Our solution supports Multi-factor authentication.

  • Find Errors Icon
    Monitoring

    Contentsquare leverages a web-application firewall to detect and block application-level attacks, vulnerability and for incident response automation.

    Continuous monitoring and alerting through our SIEM solution.

  • Heatmaps Icon
    Data Segregation

    Contentsquare provides a multi-tenants service that means that customers share the same infrastructure.

    The segmentation of customer data is logical: all data collected is linked to a customer ID that is required by the application to fetch back the data.

  • Errors Icon
    Incident Notification

    A security incident management process is established to timely respond to incidents. Our process consists of:

    - Identification, management and resolution of security incidents.

    - List of relevant authorities’ contact information

    - Process for notifying customer (48 hours upon discovery of a confirmed security incident impacting customer data)

    - Process for learning from incidents

    - Process for safeguarding evidence

  • Product Icon
    Tag Security

    We are completely aware that the main risk about our solution is the hijacking of the Javascript that is used as third-party libraries.

    To protect against that we have the following layers of controls:

    - Public bug bounty program

    - SRI checks

    - Tag integrity monitoring

    - External penetration tests performed annually on the tag

    - SDLC process with peer-review, static code analysis and dynamic analysis of every change, this process is audited by external party is it is in the scope of our ISO 27001 certification

View and download our security, privacy and legal documentation.

Corporate Security

Security Organization & Governance

Contentsquare has an established function responsible for security and data compliance across the organization. Contentsquare security governance and ISMS closely follows ISO 27001 standard:

  • Annual risk analysis

  • Key Performance Indicators are issued quarterly to ensure that the ISMS is running efficiently

  • Dedicated security policies and procedures that cover all of the 133 controls of the ISO 27001 (reviewed annually)

B2B-Masthead
PublicSector-Masthead

People Security

At Contentsquare, security starts with its people. Contentsquare invests in properly vetting and training staff to ensure that there is an organization-wide appreciation for security. Before hire, background checks (identity, education) are performed.

Confidentiality agreements signature and security training completion are deployed and required upon employees’ onboarding.

Corporate IT Security

Contentsquare commits to the highest standards of security. As such, IT corporate resources require an appropriate level of safeguards:

  • Corporate networks are fully segregated from production networks

  • Corporate networks are monitored by an Intrusion Detection System

  • Corporate networks and devices are analysed monthly with a vulnerability scanner

  • Laptops are pre-configured with an endpoint protection and antivirus software

  • Laptops hard-drives are encrypted at-rest

  • Clean desk policy

Tech-Masthead

Get insights 
that transform