Security at appcues

Your security is our top priority

Appcues is committed to being the most trusted platform for product-led businesses. Data protection, quality, and integrity are at the core of our operations. That’s why everyone from disruptive startups to companies on the Fortune 500 choose Appcues to accelerate growth through their products.

Security and compliance credentials
SOC 2 Logo
Privacy Shield Logo
salesforce logo
logmein logo
lyft logo
squarespace logo
brex logo
xandr logo
pearson logo
lyft logo
twillio logo

The Appcues Platform consists of a web application that delivers content to customer applications, and a software development kit (SDK) that serves that content. Our data is stored in secure environments, completely managed by first-class cloud vendors like Amazon and Google.

Reporting Issues

At Appcues we take any reports of vulnerabilities seriously. If you encounter a security issue with any of our software or services, please report it to We have an internal SLA for responding to such issues, and are committed to responding and fixing any issues promptly. Please note that it is against our Terms of Service to run automated security scanning tools against our system without prior approval. If you are interested in providing such a service, please contact us at


Appcues is committed to protecting your personal information. For more details, please see our Privacy Statement.


The Appcues Platform is designed for redundancy and the expectation that failures will happen. Our web application is hosted separately from our APIs, which are also separate from our databases.

Frequently asked questions

Does Appcues have an Information Security Policy (ISP)?

Appcues maintains a comprehensive information security policy, called the “Appcues Security Policy.” All new personnel are required to attend an information security training session during onboarding, and current employees attend an annual training session.

What physical security controls does Appcues have in place?

Production data is stored in third party data center providers such as AWS, and physical data center security is managed by those third-parties. Appcues personnel do not have physical access to any critical production systems.

Does your organization have business continuity and disaster recovery plans in place to maintain or quickly resume any services?

Appcues maintains both business continuity and disaster recovery plans along with Runbook to facilitate decision making during critical situations.

Do you conduct a Data Protection Impact Assessment (DPIA)?

Yes, our assessment process includes classifying different types of data, and risk assessing each type individually. More information about the types of data we collect can be found on our privacy page.