Security information

How your information and privacy are protected on UsabilityHub.

Security at UsabilityHub

We understand that the security and privacy of your company's information is extremely important. To this effect, we make every effort to ensure that your information is always handled responsibly and securely. This page aims to answer some of the questions we frequently receive regarding security practices at UsabilityHub. If you have any other questions please don't hesitate to contact us.

Responsible disclosure policy

If you are a security researcher who has discovered a potential vulnerability, see our responsible disclosure policy for guidelines around how to report this using the appropriate channels.

Secure access

All access to the UsabilityHub website and application is restricted to HTTPS encrypted connections. UsabilityHub does not service insecure HTTP requests.


UsabilityHub is hosted on Heroku servers. See Heroku's security policy for more information.

Image storage

Your images are hosted securely on Amazon S3 at secure URLs. See Amazon's security policy for more information.

We store your test, test images, and test results until you delete them. When you delete a test from our system we remove it from our database, remove all of the responses, and delete the images from Amazon S3.


UsabilityHub keeps rolling backups for up to 4 months, which are stored securely. Deleted content may remain in backups for this duration.

Password storage

UsabilityHub passwords are stored responsibly using BCrypt. They are never stored in plaintext and are not readable by staff.

Code review and auditing

UsabilityHub performs regular security audits, including manual and automatic code reviews.

Updates to UsabilityHub's software undergo a code peer review procedure within our development team to ensure quality and security are maintained.

Automated testing is employed to minimise the risk of introducing errors and security vulnerabilities.

UsabilityHub employee access

The information in your account is kept confidential by UsabilityHub employees. Please see our privacy page for more information.

Credit card handling and storage

Credit card processing is handled by Stripe. Credit card numbers and CVC numbers are handled exclusively by Stripe in accordance with PCI Data Security Standards (PCI DSS) and are note made available to UsabilityHub. Please see Stripe's Security Documentation for more details about their payment system and security measures.

UsabilityHub staff can delete your credit card from Stripe upon request.