Security
That Ensures
Peace of Mind

CUX gives you full control over behavioral data privacy. Powered by EU-based infrastructure, bank-grade encryption, and trusted security practices designed for enterprise peace of mind.

GDPR-compliant

TLS 1.2+ & AES-256 encrypted

EU-based data storage

Code audit-ready

Security Architecture Built for Enterprise Demands

Data Encryption

We secure behavioral data with TLS 1.2+ in transit and AES-256 at rest - standards trusted by banks and healthcare. Sensitive inputs are masked in the browser so nothing personal is ever exposed.

Access Controls

Our role-based access control (RBAC) system and least-privilege policies ensure the right people access the right data. We monitor for brute-force attempts, block IPs, and log all activity for full traceability.

Secure Infrastructure

Your data stays in the EU. We host only in ISO 27001-certified data centers in Frankfurt, Warsaw, Roubaix, and Strasbourg, protected by firewalls, DDoS mitigation, and 24/7 monitoring.

Trusted by top brands across industries

01

Security emmbedded in development

We apply secure coding practices, peer code reviews, and regular static application security testing (SAST) throughout development ensuring software quality and operational resilience from the ground up.

02

Formal security policies & incident response

We follow formal security policies, conduct regular audits, and maintain tested incident response protocols, ensuring we’re prepared, accountable, and continuously improving.

03

Minimal data by design

We avoid overcollection by default. CUX only tracks the behavioral data required for analysis. No keystrokes, no personal identifiers. This approach reduces exposure and supports compliance with internal governance standards.

04

Enterprise-grade audit readiness

We’ve passed multiple enterprise-led security reviews with no findings. Our architecture, data flow, and security controls are fully documented and and audit-ready at any time.

05

Enterprise features for full control

We offer client-side script hosting and access to our tracking logic for enterprise clients, enabling internal audits, self-hosting, and full visibility into what’s collected and how.

Do You Have Questions?
We Have Answers

Does CUX collect personal or sensitive data?×

No. By default, all sensitive inputs such as form fields are automatically masked in the user’s browser before any data reaches CUX servers. No personally identifiable information (PII) is collected or stored. Enterprise clients can configure additional masking using CSS classes, GTM, or advanced privacy

Where is CUX data stored and how is it protected?+

All data is stored exclusively within ISO 27001-certified data centers in the European Economic Area (EEA), including Frankfurt, Warsaw, Roubaix, and Strasbourg. Data in transit is encrypted using TLS 1.2 or higher, and data at rest is protected with AES-256 encryption - both industry standards for enterprise security.

What compliance standards do you follow?+

CUX is 100% GDPR-compliant. We're actively pursuing SOC 2 certification and align with other global standards like CCPA, UK GDPR, and LGPD. Enterprise clients receive full documentation and audit support.

Does CUX record user screens or sensitive inputs?+

No. CUX never records screen content or captures sensitive inputs. Instead, it reconstructs page views using anonymized HTML, and sensitive data is masked before transmission.

How does CUX impact website performance?+

CUX is optimized for minimal impact on website loading times, even on high-traffic or complex sites. The tracking script is lightweight and does not slow down user experience.

Can I control or audit what CUX collects?+

Yes. You can mask fields using CSS, manage exclusions via GTM, and (for enterprise clients) self-host the tracking script or request code access. Full audit support is available.

Has CUX been reviewed by external auditors?+

Yes, CUX has been audited by multiple enterprise security teams with zero findings. Our systems are also under regular independent review.

Can I disable CUX tracking for specific users or pages?+

Yes. You can block or remove the CUX tracking snippet for specific users or pages (for example, via Google Tag Manager or direct script management), ensuring that no data is collected from those areas.

What should I include in my privacy policy about CUX?+

CUX provides a ready-to-use privacy policy snippet. It explains that CUX collects only technical and behavioral data, does not record personal information, and masks sensitive inputs at the browser level. You should adapt this text to your service and consult your legal advisor for compliance.

Who can I contact for security, compliance, or audit inquiries?+

For audit requests, security documentation, or custom compliance needs, enterprise clients can contact: security@cux.io