Trust Center


About Fullstory

Fullstory’s behavioral data platform helps technology leaders make better, more informed decisions. By injecting digital behavioral data into their analytics stack, our patented technology unlocks the power of quality behavioral data at scale–transforming every digital visit into actionable insights.

With Fullstory, enterprise businesses move closer to their customers and closer to success. When organizations understand their customers like never before, they’re able to create world-class experiences that increase funnel conversion, easily detect malicious behaviors and fraud, and identify their highest-value customers effortlessly.

Compliance

CCPA
GDPR
ISO 27001
ISO 27001 SoA
ISO 27017
ISO 27018
ISO 27701
Privacy Shield
SOC 2
SOC 3

Fullstory is reviewed and trusted by

VMware
Peloton
Vroom
Adobe
JetBlue Airways
Travelers
Forbes
Fortive
Mammut Sports Group
William Hill
SoundCloud
CarMax

Privacy and Security Whitepaper
SOC 2, Type 2 Report
SOC 3 Report
ISO 27001
ISO 27017
ISO 27018
ISO 27701
CAIQ
SIG Lite
VSA Full
Network Diagram
Pentest Executive Report
Vulnerability Scan Executive Report
ISO 27001 SoA
SIG Core
Cyber Insurance
Technical and Organizational Measures
FAQs About Personal Data at FullStory
Technical Data Captured by FullStory
BC/DR Exercise Report
Business Continuity and Disaster Recovery Policy
Information Security Policy
SOC 2 Audit Letter

Risk Profile

Data Access Level: Public
Impact Level: Moderate
Critical Dependence: No

Product Security

Audit Logging
Data Security
Integrations

Reports

Network Diagram
Pentest Executive Report
Privacy and Security Whitepaper

Self-Assessments

CAIQ
HIPAA Self Assessment
PCI DSS SAQ-A-EP

Data Security

Access Monitoring
Backups Enabled
Data Erasure

App Security

Responsible Disclosure
Code Analysis
Runtime Application Self Protection

Data Privacy

Cookies
Data Breach Notifications
Data Into System

Access Control

Data Access
Logging
Password Security

Infrastructure

Anti-DDoS
BC/DR Exercise Report

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management

Network Security

Data Loss Prevention
Firewall
IDS/IPS

Corporate Security

Email Protection
Employee Training
HR Security

Policy Summaries

Acceptable Use Policy
Anti-Malicious Software Policy
Backup Policy

Security Grades

Qualys SSL Labs
https://fullstory.com: A+
https://app.fullstory.com: A+

Trust Center Updates

FullStory's response to the recent "xz" backdoor disclosure

Vulnerabilities

FullStory's PSIRT has been tracking the disclosure of a backdoor in the popular open-source package, xz. FullStory can confirm that our infrastructure does not use any of the impacted versions of xz, nor does that infrastructure use any of the impacted versions of operating systems that had shipped a vulnerable version. We will continue to monitor threat intelligence and news sources for any information that may require an update to this posting.


FullStory is now ISO 27017 and ISO 27018 certified... and our new ISO 27001 and 27701 certificates are here!

Compliance

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard.

We are happy to say that our latest ISO certificates are now available, including our brand new ISO 27017 (Information Security in the Cloud) and ISO 27018 (Data Protection in the Cloud) certificates!

Our ISO 27017 certificate is available here

Our ISO 27018 certificate is available here

Our new ISO 27001 certificate is available here

Our new ISO 27701 certificate is available here

Our Statement of Applicability for all four is available here


FullStory's 2024 Penetration Test Executive Reports now available

Compliance

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard. We are happy to say that our latest Penetration Test Executive Report is now available.

Our Penetration Test Executive Report is available here


FullStory's 2023 SOC2, Type 2 and SOC3 Reports now available

Compliance

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard. We are happy to say that our latest SOC2, Type 2 report is now available.

Our SOC2, Type 2 Report is available here

Our SOC3, Type 2 Report is available here


FullStory's Response to CVE-2023-38545, curl heap overflow vulnerability

Vulnerabilities

Response to customers

FullStory's PSIRT has been tracking the announcement of CVE-2023-38545, a high-severity vulnerability impacting the open-source library, libcurl (patched in version 8.4.0). A blog post by the author of libcurl has shared specific details on the vulnerability and necessary circumstances that would allow for exploitation of this issue. Having reviewed the technical findings, FullStory has no exposure to this particular CVE. Patching of this issue will take place during regular patch management processes, as is the case with many other CVEs that are always being released.


FullStory's 2023 SOC2, Type 2 + HITRUST Report now available

Compliance

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard.

We are happy to say that our latest SOC2, Type 2 report is now available, and that it also includes HITRUST mapped controls.

The SOC2 + HITRUST report came out of an effort between the American Institute of Certified Public Accountants (AICPA) and the HITRUST Alliance in order to create a more efficient reporting structure that aligned their reporting frameworks and created a combined assurance program known as the SOC 2 + HITRUST.

The SOC 2 + HITRUST program maps between the Trust Services Criteria and the HITRUST CSF requirements and allows service organizations to be audited on controls from both sets of requirements that are included in a single report.


FullStory's Response to MOVEit by Progress Software Vulnerability

Incidents

Response to customers

FullStory’s PSIRT has been tracking the announcement of the MOVEit by Progress Software Vulnerability since it was announced. Across our services, there is no usage of the MOVEit by Progress Software within our environment; FullStory has no active risk to this vulnerability.

MOVEit by Progress Software Vulnerability Background

To learn more about the background of the vulnerability, see https://nvd.nist.gov/vuln/detail/CVE-2023-34362.


FullStory is now ISO 27701 (Privacy) certified!

Compliance

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard.

We are happy to say that we are now ISO 27701 (Privacy) certified!


If you need help using this Trust Center, please contact our Cybersecurity Risk team.

If you think you may have discovered a vulnerability, please send us a note.
