Compliance

Our compliance program ensures that you and your customers can trust Optimizely and have third-party assurance that effective and robust controls protect your data.

Optimizely Digital Experience Platform, Web & Server-side Experimentation Services and Campaign are ISO 27001 certified

To protect the information assets at Optimizely took the necessary steps to achieve ISO 27001:2013 standard certification. This process included internal auditing, critical testing, inspections, assessments and reviews of Optimizely’s information security management system.Independent third-party certification means you can trust that Optimizely has robust, effective security and privacy controls to protect your data.

CCPA compliance

The California Consumer Privacy act (CCPA) represents a vital step toward ensuring individual privacy rights in California and helping drive more secure and protected online engagements throughout the US. We fully support CCPA in our internal processes and Optimizely can help customers leverage our products to achieve CCPA compliance.

GDPR compliance

At Optimizely, data protection and GDPR compliance is a core pillar of our software and service development by design. This enables you to efficiently achieve and maintain compliance without compromising the functionalities that make you a digital leader. We have enhanced our data protection controls to be compliant with Schrems-II. We fully support data access and data deletion requests personal staff and customer information.

PCI compliance

Optimizely provides components that you can feel comfortable using around sensitive cardholder data. We provide externally audited PCI DSS or self-attested PCI attestations of compliance for relevant products.

Infrastructure compliance

After platforms undergo rigorous third-party confirmation of process and technical controls, we inherit their controls and implement our own compliance framework on top of their tools.