Data Security Policy

Lisa Fockens Updated by Lisa Fockens

Who hosts Wisepops’ servers?

Our application ( is hosted by Google Cloud, in the USA. It contains your account information and popups configurations & statistics. All the data is encrypted in transit and at rest.

The data collected within your popups (eg. visitors' emails) is also stored and processed by Google Cloud. This is a serverless infrastructure, that makes connections with external services, such as Mailchimp.

The machines in charge of handling popups on customers’ websites are hosted by Amazon Web Services, in North Virginia, Frankfurt, and Singapore. They are both scalable and ephemeral instances. They are in charge of resolving your popups' scenarios and enriching the collected data before forwarding it to Google Cloud.

All connections between our servers are SSL encrypted for maximum security (RSA 2048 + PCKS8).

These two providers meet the highest security and data protection standards:

Which domains are involved when using Wisepops on your website?

Refer to Using Wisepops with a Content Security Policy.

What safeguards are in place to prevent unauthorized access to data?

To prevent direct access to our database, we put in place the following restrictions:

  • Only our lead developers have access to the production servers.
  • SSH (with a private key or gcloud utility) is the only way to access our servers. There’s no FTP, our database is not opened to external connections and we don’t use tools like PhpMyAdmin, etc.
  • Our servers are behind a firewall.
  • Our servers are physically secured.

To protect your account, we also took the following measures:

  • The access to is protected by two technologies provided by Cloudflare: WAF & IP reputation firewall.
  • Accounts are protected against brute-force attacks with the Fail2ban solution.
  • Our own application forces the use of HTTPS.

What safeguards are in place to prevent Data Loss and Corruption?

Your data is backed up every day, and stored for 7 days.

As part of our disaster recovery plan, we also back up all the calls to the machines handling popups on our customers’ websites on an AWS private S3 bucket.

What personal data do we store about you?

All the personal details we collect (email, password, name, etc.) about you are listed on your account configuration page. For security reasons, we also collect your IP address, login dates, and user agent and store them for one month. These details are stored by Google Cloud Logging.

We share some of your personal details (email, website, name, and login) with Segment, Mixpanel, and Intercom for internal use. We remain the only users and owners of this data.

How did we do?

Vulnerability Reports & Bug Bounty Program

Data and cookie policy