Customer.io Security Qualifications

We’re serious about data privacy and security—not just for our company, but for you and your users. This page lists the certifications we’ve earned to ensure your data is safe with us.

The certifications we’ve earned are the result of independent, third-party audits that verify our compliance with (and commitment to) industry standards and best practices.

See our full security policy

You can read more about our security practices on our website and download our compliance documents.

ISO 27001 certification

Customer.io is certified for ISO 27001 compliance as of September 24, 2024. Our certification expires September 24, 2027. See our certificate.

ISO 27001 is an international standard for information security management systems (ISMS). It provides a framework of policies and procedures that includes all legal, physical, and technical controls involved in an organization’s information risk management processes.

Conforming with ISO/IEC 27001 means we’ve put systems in place to manage risks related to data security and respect all of the international standard’s best practices and principles.

SOC 2 Type 2 certification

Customer.io successfully completed the SOC 2 Type 2 examination for Security and Availability. You’ll find our SOC 2 report here.

HIPAA compliance

Customer.io is HIPAA-ready (Health Insurance Portability and Accountability Act of 1996), meeting the privacy and security requirements of both the healthcare industry and your valued customers.

Contact your Customer.io representative if you’d like more information about Customer.io’s HIPAA compliance or want to sign a Business Associate Agreement (BAA) with us. You can request a copy of our HIPAA report here.
