VWO Logo
Dashboard
VWO Testing

Leading Innovation In the World of CRO for A Decade

VWO helps you create delightful digital experiences for your customers and increase conversions across the entire customer journey by providing one integrated platform to meet all your conversion rate optimization needs.

Know More
Complies with:
VWO GDPR Ready Badge
VWO CCPA Ready Badge
VWO G2Crowd Leader Spring Badge
VWO BS 10012 Certification Badge
Follow us and stay on top of everything CRO
Related content:

ISO 27701:2019—VWO’s Commitment Towards Data Protection and Security

5 Min Read
Feature Image Vwos Commitment Towards Data Protection And Security

With progressing technology, cyber-attacks are evolving by the hour. With more than 89% of businesses using software as a service (SaaS) as their cloud computing model, security is the biggest and one of the most concerning challenges for online businesses.

Download Free: A/B Testing Guide

SaaS has been there for a while. Yes, subscription-based services like Netflix and Amazon’s video streaming vertical Prime are SaaS too, and so are your email services like Gmail and Yahoo. Given its versatility and agility to cater to a large variety of customers, SaaS is a hot-selling model that businesses are adopting to scale globally. But it’s equally challenging for businesses to protect colossal customer data from the prevailing and ever-evolving cyber attacks. If any potential vulnerability is neglected, this data could prove devastating for businesses as customers trust their data with companies and have little control over it. 

To combat such attacks, SaaS businesses need to stay at par with the international cybersecurity standards for robust gatekeeping in their security and compliance endeavours to protect customer data and privacy. In this blog post, we have discussed the security measures VWO follows to stay updated with the dynamic security landscapes, ensuring a seamless and secure customer experience.

Is VWO GDPR compliant?

VWO is not only GDPR compliant but also certified to meet a broader set of international and industry-specific compliance standards, including ISO 27001, ISO 27701, and PCI-DSS, and is also compliant with various other global data protection laws such as HIPAA, CCPA, PIPEDA, etc.

What is the ISO/IEC standard?

ISO/IEC 27701:2019 (ISO 27701) is internationally recognized and built as an extension of the widely-used ISO/IEC 27001 and ISO/IEC 27002 standards for information security management. VWO follows the global privacy standard that focuses on collecting and processing personally identifiable information (PII), including passwords, card information, phone number, social security numbers, etc. VWO anonymizes such sensitive data of users before storing them on its servers. This standard focuses on three main factors:

  1. Providing a framework for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS).
  1. Includes requirements and guidance for organizations acting as PII controllers and PII processors, a key distinction from General Data Protection Regulation (GDPR) compliance, and other privacy laws.
  1. Providing confidence to stakeholders and customers that organizations are maintaining the highest standards in managing privacy risks related to PII.
Isoiec 27701

How is it important for VWO?

Being a SaaS organization, VWO handles client data such as personal details, card numbers, visitor profiles, etc., with utmost responsibility and care. To mitigate the risk of any data breaches, VWO anonymizes the data at the point of collection at DACDN nodes, which can never be re-identified once anonymized.

In addition, VWO helps customers minimize their data protection compliance burden right from the point of data collection.

“Data minimization (ensuring that data collection and retention is restricted to only those categories of data that are absolutely necessary for a specific purpose) is a fundamental privacy principle that should form part of any sound information security and data privacy strategy. If you don’t need it, don’t collect it.”

~Maheshnarayan Sarasan, Data Protection Officer, Wingify

In pursuing compliance with the international standards for security and privacy, VWO has received an accredited ISO/IEC 27701:2019 certification as PII processor and controller after undergoing an audit by an independent third party.

This universal framework allows VWO to efficiently comply with new regulatory requirements and keep their customers’ information secure.

Download Free: A/B Testing Guide

How does VWO protect customer data from cyber-attacks?

VWO is committed to ensuring security of customer data by following robust internal data security and privacy practices: 

  • VWO does not collect and has maintained strict processes to avoid collecting or receiving PII like credit card information.
  • Data Encryption: VWO follows best practices for cryptographic protection controls using trusted cryptographic technologies for data at rest and data in transit. 
  • Secure Software Development Life (SDL) Cycle: VWO follows a secure Software Development Life Cycle with an emphasis on security and privacy throughout the product development processes. The SDL cycle includes a set of practices that support security assurance and compliance requirements that help address data protection and privacy requirements which includes effective privacy reviews for every VWO product.
  • OWASP Top 10: VWO is protected against OWASP Top 10 security threats. It internally uses OWASP to establish consensus about the most critical security risks to web applications and protect the app from potential external threats at the application level. Customers are also encouraged to conduct vulnerability scans at individual level with VWO’s permission.
  • Regular update of software dependencies: VWO has an internal alerting system that flags security updates to the team, enabling them to take swift action to combat any threats. 

Know more about VWO security here.

The way forward: commitment to compliance

More than 2500+ customers trust VWO with their data, and this responsibility is something we take very seriously. With ISO 27701:2019 certification, VWO stands fast on its commitment to build a strong culture of secure systems and privacy across all aspects of the business. The ISO frameworks emphasize continuous improvement, aligning well with VWO’s passion for keeping pace with an ever-changing threat landscape to protect customer data.

One of the recent changes to the international legal landscape surrounding data protection was the July 2020 Schrems II judgment of the Court of Justice of the European Union (CJEU) that declared the European Commission’s Privacy Shield decision was invalid based on the level of government surveillance and control over data in the United States.

In June 2021, the European Commission adopted new Standard Contractual Clauses (SCCs) that specifically take into account the Schrems II judgment. These new SCCs have been made mandatory from September 2021. In anticipation of the same, we have already incorporated these new SCCs into our data protection agreements to ensure that we remain future-ready regarding GDPR compliance.

~Maheshnarayan Sarasan, Data Protection Officer, Wingify

If you are looking to build a CRO program to increase conversions for your business and want a breach-free and end-to-end protected and safe ecosystem to work with, start a 30-day free trial with VWO. You can alternatively request a demo to understand the product and get answers to all your security and compliance-related queries/concerns from VWO’s seasoned security experts. 

Nida Zehra
Nida Zehra As a marketing professional and storytelling enthusiast, I prioritize understanding data and insights over everything else while crafting a new story for experimentation. Besides work, you can find me reading fiction and, at times, metamorphosing into an artist through some discerning sorcery, which leads me to maintain an art and poetry blog on Instagram. Towards an innate linguistic inclination, I am currently looking forward to learning Persian to read and understand layers of the 14th-century Iranian poet Hafez's work—one of my most treasured literary possessions.
Share
More from VWO
An eCommerce Marketer’s Definitive Guide to Visual Search

An eCommerce Marketer’s Definitive Guide to Visual Search

Google is constantly changing its algorithms and updates, and eCommerce brands looking to outperform the…

Read More
Lucy Manole

Lucy Manole

9 Min Read
Top 13 Best A/B Testing Tools in 2023

Top 13 Best A/B Testing Tools in 2023

Aren’t we all familiar with the saying “A good workman never blames his tools”? This…

Read More
Pratyusha Guha

Pratyusha Guha

15+ Min Read
Getting Started With Mobile App A/B Testing? Here Are Ideas You Can Try Immediately 

Getting Started With Mobile App A/B Testing? Here Are Ideas You Can Try Immediately 

If you want to start experimenting with your mobile apps, this is the article you…

Read More
Pratyusha Guha

Pratyusha Guha

15 Min Read

Scale your A/B testing and experimentation with VWO.

Start Free Trial Request Demo
Invalid Email

DOWNLOAD A/B TESTING FREE E-BOOK

FREE A/B TESTING KIT

All you Need to Know About Conversion Optimization Get the Guide