PlaybookUX Security Center

Welcome to the security and privacy center! View all terms and policies here. If you have any questions, please contact us through our chatbot or email


ISO 27001 & 27701 Certified

PlaybookUX is ISO 27001 & 27701 certified. This demonstrates that PlaybookUX has the necessary controls in place to mitigate the risks related to security, availability and confidentiality.

SOC 2 Type II Certified

Our recent SOC 2 Type II demonstrated that PlaybookUX has controls in place related to security, availability and confidentiality. Our reporting period concluded August 1st 2022. PlaybookUX is committed to annual SOC 2 audits. Customers interested in attaining our recent SOC 2 Type II report should contact


When signing on with PlaybookUX, your data is hosted with the following provider:

Amazon Web Services in Virginia, United States

The data center is SOC 2 Type II certified and in a safe environment.

Security Program: OWASP

Our company bases its security program on OWASP. Our security program covers, but is not limited to, the following: information classification and protection, access control, software development, compliance with laws and regulations, security in Human Resources, acceptable use of information IT devices, authorized/unauthorized use and disclosure of data, incident management and response procedures for both security and privacy incidents, retention and destruction of data. To request a copy of our internal security procedures document, please email

Data Protection Officer

We have a data protection officer who is a member of our staff and is accountable and responsible for managing information security. Please contact for information on contacting our Data Protection Officer.

Penetration Testing

PlaybookUX uses third party security tools to continuously scan our platform for vulnerabilities. We engage annually with third-party security experts to perform thorough penetration tests on the PlaybookUX application.


We are fully committed to GDPR regulations. Please read our privacy policy here for more information.


We comply with CCPA regulations. Please read the CCPA notice here.


All of our user data is stored on Google Cloud Platform & Amazon Web Services which are both fully HIPAA compliant. 

Google Cloud Platform HIPAA Policy:
Amazon Web Services HIPAA Policy:

PlaybookUX has a Business Associate Agreement (BAA) with both Google Cloud Platform & Amazon Web Services. A Business Associate Agreement is required by law for HIPAA compliance.


Our organization is PCI DSS compliant. All payments route through Stripe, our payment processor.


We only use strong cipher suites and have features such as Perfect Forward Secrecy fully enabled. Our API and application endpoints use TLS/SSL. Our data in transit and data at rest are encrypted with secure algorithms. All SSL certificates are issued by Amazon Web Services.

– Data in transit: SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256

– Data at rest: AES-256 encrypted

Virtual Private Cloud

All of our servers are contained within our own virtual private cloud (VPC) with network access control lists (ACLs) which prevent unauthorized requests getting to our internal network.

Incident Response Plan

Our IT & security team works rotating shifts (24 hours per day, 7 days per week) and has a thorough escalation policy.

Permissions & Authentication

Access to customer data is restricted to authorized employees who require it for their job role. PlaybookUX operates 100% over HTTPS. There are no corporate resources or additional privileges gained from being on PlaybookUX’s network.

We have 2-factor authentication (2FA) and strong password requirements for Google, AWS, GitHub and Google Cloud Services to ensure access to cloud services is protected.

Daily Monitoring, High Availability & Daily Backups

– We continuously monitor our servers to prevent interference and access from outside intruders. Our IT team regularly reviews the logs and notifies the team of any security concerns. Please request the latest scan results by emailing

– Our uptime is 99.999% YTD

– We perform backups daily.

Permanent Deletion

Customers have the option to permanently delete their data from PlaybookUX. Data can be restored up to 30 days after deletion.

Data Request

We do not share your data with third parties. If requested, we can provide a copy of your data in a readable and usable format within 3 business days.

Data Privacy

Your data is yours. PlaybookUX does not sell or rent any customer information or information provided to us. For more information, please review our privacy policies.

Employee Training & Confidentiality

– All PlaybookUX employees, contractors and vendors have passed background checks.

– The aforementioned parties sign confidentiality clauses

– Security procedures are updated frequently and distributed to all employees

– All employees undergo annual Security & Awareness training

Subscribe to our status page

– Stay up to date and receive notifications about downtime & security incidents



Non Disclosure Agreement (NDA)

Our testers agree to keep your testing assets private.

Tester Privacy Policy

Read how we protect your privacy.

Tester Terms of Service

View our terms of service. By using our platform, you agree to abide by them.

Company (Client) Privacy Policy

Read how we protect your privacy.

Company (Client) Terms of Service

View our terms of service. By using our platform, you agree to abide by them.

Data Subprocessors

Learn how your data is processed and who we’ve signed data processing agreements with.

Data Processing Agreement

This document defines how we process our clients’ data.

GDPR Privacy Policy

PlaybookUX is GDPR compliant.

CCPA Notice

PlaybookUX complies with CCPA regulations.

Promo Code Terms

Read about our promo code conditions.
