Data security policy

Lisa Fockens Updated by Lisa Fockens

Who hosts Wisepops’ servers?

Our infrastructure is hosted by Amazon Web Services and Google Cloud, in the USA. These two providers meet the highest security and data protection standards:

Which domains are involved when using Wisepops on your website?

Refer to Using Wisepops with a Content Security Policy.

What safeguards are in place to prevent unauthorized access to data?

To prevent direct access to our database, we put in place the following restrictions:

  • Only our lead developers have access to the production servers.
  • SSH (with a private key or gcloud utility) is the only way to access our servers. There’s no FTP, our database is not opened to external connections and we don’t use tools like PhpMyAdmin, etc.
  • Our servers are behind a firewall.
  • Our servers are physically secured.

To protect your account, we also took the following measures:

  • The access to is protected by two technologies provided by Cloudflare: WAF & IP reputation firewall.
  • Accounts are protected against brute-force attacks with the Fail2ban solution.
  • Our own application forces the use of HTTPS.

What safeguards are in place to prevent Data Loss and Corruption?

Your data is backed up every day, and stored for 7 days.

As part of our disaster recovery plan, we also back up all the calls to the machines handling popups on our customers’ websites on an AWS private S3 bucket.

What personal data do we store about you?

All the personal details we collect from you (email, password, name, etc.) are listed on your account configuration page. For security reasons, we also collect your IP address, login dates, and user agent. We store these for one month. These details are stored by Google Cloud Logging.

We share some of your personal details (email, website, name, and login) with Segment, Mixpanel, and Intercom for internal use. We remain the only users and owners of this data.

How long do we keep your data?

We preserve your data for two years. After two years of inactivity, we permanently delete all your data, including:

  • You company & billing information
  • Your campaigns
  • The data collected through your campaigns

We define inactivity as the lack of user interaction with our app (, and the lack of recurring payment to maintain an active Wisepops subscription.