UserZoom hits new security milestone with SOC 2 Type II

UserZoom reaches a new milestone in their commitment to enterprise customers security needs

We are thrilled to announce that we have reached a new milestone in security by passing our SOC 2 Type II audit.

When we passed our SOC 2 Type I audit six months ago, we promised our customers that that milestone would not be our last. UserZoom has once more demonstrated our commitment to privacy and security by successfully passing the SOC 2 Type II audit.

And just as we were the first company in the UX space to pass SOC 2 Type I, we are once more proud to say that UserZoom is the only UX research platform to pass the Type II audit.

AICPA is the organization responsible for regulating SOC2 audits

What is SOC 2 and why does it matter?

SOC 2 is a compliance framework that helps companies hosted in the Cloud demonstrate they are compliant with controls related to security and confidentiality, among others. In particular, SOC 2 audits provide companies and their customers with an objective and independent third-party review that measures its compliance with current industry standards.

These audits come in two types called Type I and Type II. Type I looks at the controls in place at a service organization at a specific point in time, while Type II reports on the operating effectiveness of those controls over a minimum period of at least six months.

The SOC 2 audits matter for several reasons, but the primary reason is simple: trust.

Security is only as strong as its weakest link

Enterprise customers need enterprise solutions that they know they can trust.

The truth of the matter is that when you engage in a SaaS relationship with a vendor it means that your data will be hosted in areas out of your control. This poses a potential risk to the data and is why data security is so important. Companies need to be demanding about the quality of service and security that providers supply when handling your data.

That’s why we at UserZoom have always placed a strong emphasis on data security. We have a dedicated security department with a formally appointed security officer and a team of specialized senior security engineers that looks after these procedures and ensure best practices are followed everyday.

Jordi Ibañez, UserZoom’s VP of Security, says, “When we started the process of passing SOC 2 Type I in 2017 we knew it would be time consuming and, quite frankly, difficult. Type II was no different but that is why we did it, and this is why we’re the only company in the UX space that has passed both audits. We did it to demonstrate to our customers that our commitment to data privacy and security always has been, and always will be, a top priority.”

Customers rely on us to protect their data, and we can prove we follow some of the highest standards regarding data security, confidentiality, and availability through these SOC 2 audits.

In fact, not only is UserZoom as a service provider SOC 2 Type II compliant (some vendors use their data center SOC 2 Type II report but that only applies to the processing systems, not the service provider itself) – all our processing facilities and data centers are SOC 2 Type II compliant as well. We review their compliance status in an annual basis to ensure they are up to our quality standards.


Being SOC 2 Type II compliant further showcases our commitment to being leaders in the UX insights space by including security in our roadmap as a key factor and by having a third party report that proves our dedication and commitment to your data security. Getting the SOC 2 Type II report is still not the end-goal for UserZoom, however.

This milestone is just another step that we’ve taken to uphold security as a cornerstone of our product and service. Keeping a SOC 2 is a constant and continuous audit process over time, further demonstrating that UserZoom can fulfill our enterprise customer needs over the long-term.

Learn the cost savings and business benefits of working with UserZoom