Last Updated: January 2026
Purpose
UserGuiding is committed to protecting the confidentiality, integrity, and availability of information processed through its products and services. This Information Security Policy describes the principles and governance framework used to safeguard information assets and manage security risks.
This policy is intended to provide transparency into UserGuiding’s information security practices and reflects alignment with recognized industry standards and regulatory expectations.
Scope
This policy applies to:
- UserGuiding products and services
- Information processed, stored, or transmitted by UserGuiding
- Employees, contractors, and authorized third parties acting on behalf of UserGuiding
Detailed security procedures, technical standards, and operational controls are maintained internally as part of UserGuiding’s Information Security Management System.
Information Security Governance
UserGuiding maintains a formal Information Security Management System aligned with ISO/IEC 27001:2022.
Information security governance is overseen by designated security and privacy leadership. Management is responsible for approving security policies, allocating appropriate resources, and ensuring the continuous improvement of the information security program.
Security roles and responsibilities are defined internally and communicated across the organization. Security policies are reviewed on a regular basis to ensure continued effectiveness and compliance with business, legal, and regulatory requirements.
Risk Management
UserGuiding applies a risk-based approach to information security.
Information security risks are identified, assessed, and managed on a periodic basis. Risks are evaluated by considering potential threats, vulnerabilities, and business impact. Appropriate administrative, technical, and physical safeguards are implemented to mitigate identified risks.
Risk management activities support compliance with applicable laws, contractual obligations, and recognized security frameworks.
Access Control
UserGuiding restricts access to systems and information based on the principles of least privilege and role-based access control.
Access to information systems is granted only to authorized individuals with a legitimate business need. User access rights are reviewed periodically and promptly revoked when no longer required, including upon role changes or termination.
Authentication and authorization mechanisms are implemented to prevent unauthorized access to systems and data.
Data Protection and Encryption
UserGuiding implements measures designed to protect information throughout its lifecycle.
Customer and business data are protected using encryption in transit and at rest, where appropriate. Data handling practices are aligned with applicable data protection and privacy laws. Access to sensitive data is restricted and monitored.
UserGuiding processes customer data strictly in accordance with contractual agreements and applicable data protection regulations.
Secure Development and Change Management
Security is integrated into UserGuiding’s system development and operational processes.
Secure development practices are followed throughout the software development lifecycle. Changes to production systems are controlled, tested, and approved prior to deployment. Separation between development, testing, and production environments is maintained to reduce risk.
Incident Management and Response
UserGuiding maintains an incident management framework designed to detect, respond to, and recover from information security incidents.
Security events and incidents are monitored and investigated. Appropriate actions are taken to contain and remediate incidents and to prevent recurrence. Customers and regulators are notified of security incidents when required by law or contract.
Business Continuity and Availability
UserGuiding implements measures to support service availability and operational resilience.
Backup and recovery processes are in place to protect critical data. Business continuity and disaster recovery plans are maintained and tested periodically. Infrastructure is designed to reduce single points of failure and support service reliability.
Third-Party and Vendor Security
UserGuiding evaluates the security posture of third-party vendors and subprocessors that support its services.
Vendors are subject to security and risk assessments appropriate to the nature of the services provided. Contractual safeguards are used to ensure the protection of data processed by third parties. Subprocessors are engaged in accordance with UserGuiding’s Data Processing Agreements.
Compliance and Assurance
UserGuiding’s information security program aligns with recognized standards and assurance frameworks, including:
- ISO/IEC 27001:2022
- SOC 2 Type II
- HIPAA
Independent assessments and audits are conducted periodically to validate the effectiveness of security controls.
You can request the latest audit reports on our Trust Center.
Policy Maintenance
This Information Security Policy is reviewed periodically and updated as necessary to reflect changes in business operations, regulatory requirements, and security practices.
This public policy provides a high-level overview of UserGuiding’s information security principles. Detailed security policies, procedures, and technical controls are maintained internally and are not publicly disclosed.
Contact
For questions related to information security or trust matters, please contact:
security@userguiding.com
YNOT Partners, Inc. (DBA UserGuiding)