Trust Center

Start your security review
Search items
ControlK

Fullstory’s behavioral data platform helps technology leaders make better, more informed decisions. By injecting digital behavioral data into their analytics stack, our patented technology unlocks the power of quality behavioral data at scale–transforming every digital visit into actionable insights.

With Fullstory, enterprise businesses move closer to their customers and closer to success. When organizations understand their customers like never before they’re able to create world-class experiences that increase funnel conversion, easily detect malicious behaviors and fraud, and identify their highest-value customers effortlessly.

Start your security review
VMware-company-logoVMware
Peloton-company-logoPeloton
Vroom-company-logoVroom
Adobe-company-logoAdobe
JetBlue Airways-company-logoJetBlue Airways
Travelers-company-logoTravelers
Forbes-company-logoForbes
Fortive-company-logoFortive
Mammut Sports Group-company-logoMammut Sports Group
William Hill-company-logoWilliam Hill
SoundCloud-company-logoSoundCloud
CarMax-company-logoCarMax
Privacy and Security Whitepaper

Trust Center Updates

FullStory's response to the recent "xz" backdoor disclosure

VulnerabilitiesCopy link

FullStory's PSIRT has been tracking the disclosure of a backdoor in the popular open-source package, xz. FullStory can confirm that our infrastructure does not use any of the impacted versions of xz, nor does that infrastructure use any of the impacted versions of operating systems that had shipped a vulnerable version. We will continue to monitor threat intelligence and news sources for any information that may require an update to this posting.

Published at N/A*

FullStory is now ISO 27017 and ISO 27018 certified... and our new ISO 27001 and 27701 certificates are here!

ComplianceCopy link

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard.

We are happy to say that our latest ISO certificates are now available, including our brand new ISO 27017 (Information Security in the Cloud) and ISO 27018 (Data Protection in the Cloud) certificates!

Our ISO 27017 certificate is available here

Our ISO 27018 certificate is available here

Our new ISO 27001 certificate is available here

Our new ISO 27701 certificate is available here

Our Statement of Applicability for all four is available here

Published at N/A

FullStory's 2024 Penetration Test Executive Reports now available

ComplianceCopy link

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard. We are happy to say that our latest Penetration Test Executive Report is now available.

Our Penetration Test Executive Report is available here

Published at N/A

FullStory's 2023 SOC2, Type 2 and SOC3 Reports now available

ComplianceCopy link

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard. We are happy to say that our latest SOC2, Type 2 report is now available.

Our SOC2, Type 2 Report is available here

Our SOC3, Type 2 Report is available here

Published at N/A

FullStory's Response to CVE-2023-38545, curl heap overflow vulnerability

VulnerabilitiesCopy link

Response to customers

FullStory's PSIRT has been tracking the announcement of CVE-2023-38545, a high-severity vulnerability impacting the open-source library, libcurl (patched in version 8.4.0). A blog post by the author of libcurl has shared specific details on the vulnerability and necessary circumstances that would allow for exploitation of this issue. Having reviewed the technical findings, FullStory has no exposure to this particular CVE. Patching of this issue will take place during regular patch management processes, as is the case with many other CVEs that are always being released.

Published at N/A

FullStory's 2023 SOC2, Type 2 + HITRUST Report now available

ComplianceCopy link

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard.

We are happy to say that our latest SOC2, Type 2 report is now available, and that it also includes HITRUST mapped controls.

The SOC2 + HITRUST report came out of an effort between the American Institute of Certified Public Accountants (AICPA) and the HITRUST Alliance in order to create a more efficient reporting structure that aligned their reporting frameworks and created a combined assurance program known as the SOC 2 + HITRUST.

The SOC 2 + HITRUST program maps between the Trust Services Criteria and the HITRUST CSF requirements and allows service organizations to be audited on controls from both sets of requirements that are included in a single report.

Published at N/A

FullStory's Response to MOVEit by Progress Software Vulnerability

IncidentsCopy link

Response to customers

FullStory’s PSIRT has been tracking the announcement of the MOVEit by Progress Software Vulnerability since it was announced. Across our services, there is no usage of the MOVEit by Progress Software within our environment, FullStory has no active risk to this vulnerability.

MOVEit by Progress Software Vulnerability Background

To learn more on the background of the vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2023-34362.

Published at N/A

FullStory is now ISO 27701 (Privacy) certified!

ComplianceCopy link

Trust is one of our core watchwords and we hold our responsibility as protectors of our customers' information in the highest regard.

We are happy to say that we are now ISO 27701 (Privacy) certified!

Published at N/A*

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo