At UXArmy, Security is one of our top priorities. Here we have provided general information about the security of your data, our security practices, and how you can reach a member of the UXArmy Security team if you have any questions.
To know more about UXArmy's Data Protection Appendum, please refer to the link https://www.uxarmy.com/data-protection for more information.
Data Hosting
All confidential and proprietary data including audio and video files, customer and test participant data is hosted through Amazon Web Services (AWS), which is certified to be compliant with the ISO 27001 and ISO 27017 standards. AWS also has SOC 2 attestation.
UXArmy audits changes to the application throughout the product development. Architecture reviews are performed. Code reviews are performed via automated and manual code review processes. We monitor application servers, infrastructure, and the UXArmy network environment to proactively detect any potential breach.
Encrypted Transmission
Data during transmission is secured by encrypting it using 256-bit SSL/TLS.1.2 encryption. This keeps the data secured during transit from your devices to our servers.
Data collection
The platform is not designed to collect Personal Identifiable Information (PII) of your own testers. We collect PII of testers (who choose to register with our User Panel) to manage demographics and connect you with the right test participants.
We don't share a participant's name and email id with anyone. Clients only know that they meet the demographic requirements for the research. Clients only see testers by a User ID which is assigned to them by our platform and doesn't match up with their actual name.
Data processing
During the following of instructions during completion of an independently recorded test, or participating in a remote interview, the application may record some or all of the following:
The video recording and responses to surveys are then available to our Clients for further processing using the platform including:
Credit Cards
We use Stripe to accept payments from our Clients. Stripe complies with PCI level 1 standards in the storage and handling of credit card information. This is the most stringent level of certification available in the payments industry. To accomplish this, Stripe uses the best-in-class security tools and practices to maintain a high level of security.
Vulnerability disclosure and reward program
UXArmy runs a private, invite-only bug bounty program. Invited researchers are eligible for a payment. Those who are not invited to the program may still submit a security bug or vulnerability to UXArmy, such reports may not be eligible for a payment.