Security Overview
Compliance
Userlane is certified for implementation of information security management standards. Userlane exemplifies its commitment to providing a secure product and fulfilling customer needs from a business and security compliance standpoints by receiving ISO/IEC 27001 certification. ISO 27001 is the international standard for information security. It provides a framework for information security management practices and helps organizations establish, implement, operate, monitor, review, maintain and improve ISMS. ISO 27001 is accepted worldwide as an assurance that proper and continual measures have been taken to protect valuable company data.
Userlane is a certified partner of Microsoft.
Microsoft Azure is certified with ISO 27001 – a common standard in the industry. Since the beginning of 2017, Microsoft Azure is also certified with ISO 27018 – a new standard for the protection of personal data in the Cloud.
Infrastructure & hosting information
Userlane decided to work with Microsoft Azure to ensure the strict security and compliance requirements of our enterprise and public service clients are met and allow us to provide a scalable, frictionless service at a global scale.
By joining forces with the industry leader Microsoft, Userlane can rely on a proven security architecture: Over 3,500 dedicated Microsoft cybersecurity professionals help protect, detect, and respond to threats.
All of Userlane’s databases, application servers and network infrastructure are hosted by Microsoft Azure. By relying on Microsoft, Userlane can leverage significant investments that have been made towards the security and compliance of data centers.
Userlane exclusively uses EU data center regions. In order to ensure that the data cannot be used without authorization or passed on, we have also contractually limited the use of the services to the EU region and regulated the access options accordingly. This also applies to the case of maintenance.
Userlane is committed to an uptime SLA of 99.5%. The infrastructure of Microsoft Azure is built for availability. This allows us to guarantee an availability time of 99.5%. This allows less than 4 hours of unavailability per month. In the past, we have seen our performance surpass this minimum barrier on a regular basis.
Userlane works with Azure Network Security Groups to ensure that services running within the Azure environment are accessible only to the networks that need it. Access to network ports of various services is restricted to the extent that access is only possible through services that need access.
Data at rest: All databases use “at rest” encryption, meaning data can only be read if proper authentication takes place on the respective database system. The files in which the data is stored are encrypted so that they can only be accessed by database systems holding the appropriate decryption keys. Userlane uses AES-256 encryption for all data at rest, with encryption keys securely managed via Azure Key Vault to ensure strict access controls and auditability.
Data in transit: Userlane applies transport encryption whenever data is transmitted over an insecure or public network (e.g., outside the virtual private cloud). The type of transport encryption depends on the encryption requested by the client system. Userlane prefers TLS 1.3 for data in transit (TLS 1.2 supported for compatibility) to provide the highest level of security, ensuring data confidentiality and integrity during transmission.
Backups: Userlane drives continuous backups of databases. Those can restore the database state to what it was at any specific time, down to the second. The backups are stored in the same region. Backups are retained for 30 days. These backups are treated as sensitive data. Only specific personnel can access these backups after an internal authorization process.
Resources
Read Microsoft’s Whitepaper about Microsoft Azure Security, Privacy, Compliance
Userlane works with recognized security experts and researchers. Together we aim for the highest possible security of our systems. We perform penetration tests on a yearly basis. Our contractor Cobalt maintains a core of 200+ highly vetted, certified security researchers.
Userlane uses various monitoring tools to ensure maximum availability, performance and security of the application. The monitoring includes but is not limited to the following parameters:
Availability: Availability of the application / Accessibility of backend systems and services
Resources: CPU utilization / Utilization of network interfaces / Utilization of persistent and volatile storage
Performance: Response times of the application / Response times of backend systems / Query times for database contents
Security: Update the status of systems / Error logs / Access logs
Userlane Security Contact: security(at)userlane.com
Legal
Contact email: legal@userlane.com
Cyber Insurance
Userlane GmbH maintains the following insurance relevant to cybersecurity and business continuity. Current policy documentation is available upon request from your Account Executive.
- Cyber incident response and crisis management
- Privacy, breach notification, and data liability
- System damage and business interruption
- Threat and extortion liability
Copyright
The content and works created by the site operators on these pages are subject to German copyright law. Duplication, processing, distribution, or any form of commercialization of such material beyond the scope of the copyright law shall require the prior written consent of its respective author or creator. Downloads and copies of this site are only permitted for private, non-commercial use. Insofar as the content on this site was not created by the operator, the copyrights of third parties are respected. In particular, third-party content is identified as such. Should you nevertheless become aware of a copyright infringement, please inform us accordingly. If we become aware of any infringements, we will remove such content immediately.
Liability for content
As a service provider, we are responsible for our own content on these pages in accordance with general legislation pursuant to Section 7 (1) of the German Telemedia Act (TMG). According to §§ 8 to 10 TMG, however, we are not obligated to monitor transmitted or stored third-party information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information according to general laws remain unaffected. However, liability in this regard is only possible from the point in time at which a concrete infringement of the law becomes known. If we become aware of any such infringements, we will remove this content immediately.
FAQs
Is Userlane deployed securely?
IT deploys our browser extension centrally via group policy in approximately 2 hours. It integrates with your SSO/Active Directory and works immediately with all web applications without requiring code changes. Professional services are available for complex deployments.
What data does Userlane collect?
Userlane collects interaction patterns and usage metrics necessary to provide insights and assistance. We never collect passwords, personal files, or sensitive application data unless explicitly configured by your organization.
Where is data stored?
Organizations can choose data residency in the EU (Frankfurt), US (Virginia), UK (London), or custom regions for enterprise agreements. All data is encrypted at rest using AES-256 encryption.
Where can I find information about Userlane’s uptime and downtimes?
We recommend checking out our Status Page. This will give you the ability to subscribe for updates, view uptimes, be informed of any outages, and view historical data.
Where can I find Userlane’s Data Processing Addendum?
Userlane’s Data Processing Addendum (DPA) can be found here.
How does Userlane encrypts data ?
Userlane encrypts data in transit using TLS 1.2/1.3 and at rest using AES-256 encryption through Microsoft Azure storage encryption mechanisms.
Where can I learn more about the Userlane product?
Check out our Knowledge Center, which has lots of greats articles, resources, how-to’s, and guidance about how to use Userlane. If you still need additional help, you can always reach out to our support team directly in product, or by sending an email to support@userlane.com.
