April 30, 2026
Trust Center published
Published our public subprocessor list, FAQ, and security document request path.
UserJourneys Trust Center
Security and compliance information for customers.
UserJourneys helps teams process product, research, and customer journey data. This page summarizes our security posture, compliance status, subprocessors, and how to request non-public documents.
SOC 2 Type I in progress
We are actively working toward SOC 2 Type I and will share the report with eligible customers once complete.
Document access
Draft a security document request.
Select documents
Email draft
Copy this into your email client and fill in the blanks.
To: security@userjourneys.ai Subject: Security document request Hi UserJourneys security team, We are reviewing UserJourneys and would like access to the following security and compliance materials: - SOC 2 Type I report - Penetration test report Company: Requester: Procurement or review deadline: Please let us know if an NDA or additional approval is required. Thanks,
Subprocessors
Current subprocessors
| Provider | Role | Data processed |
|---|---|---|
 Supabase | Critical infrastructure | Customer account, authentication, database, and service data |
 Vercel | Critical infrastructure | Customer account, application hosting, and service data |
 Google Cloud Platform | Critical infrastructure | Customer account, usage, and service data |
 Anthropic | Critical AI processor | Prompts, transcripts, responses, and related customer content |
 Stripe | Billing and payments | Billing contact, subscription, and payment metadata |
 PostHog | Product analytics and session data | Product usage, analytics events, and session data where enabled |
 Sentry | Error monitoring | Application errors, diagnostics, logs, and related metadata |
 Resend | Transactional email | Email addresses, delivery metadata, and transactional message content |
 ElevenLabs | Voice interviews | Voice interview audio, transcripts, and related metadata where enabled |
 Discord | Internal alerts and operational notifications | Operational alerts, support context, and limited customer metadata |
 Cloudflare | Turnstile and security controls | Security challenge, IP, device, and request metadata |
 Slack | Customer and shared communications | Customer communications and related workspace metadata |
Some subprocessors receive data only when the related feature, integration, or workflow is enabled by a customer. Source reviewed April 29, 2026.
FAQ
Frequently asked questions
How do we request security or compliance documents?
Copy security@userjourneys.ai or use the document request draft above. We may ask for an NDA before sharing non-public materials.
Is UserJourneys SOC 2 certified?
SOC 2 Type I is currently in progress. We will update this page when the report is complete and available to customers under the appropriate access process.
Does UserJourneys sell customer data?
No. UserJourneys does not sell customer data or use customer data for cross-context behavioral advertising.
How will customers be notified about subprocessor changes?
Material changes to subprocessors will be posted on this page. Customers with contractual notice requirements can contact us for the appropriate notification process.
Can customers restrict which integrations process their data?
Many processors only receive data when a customer enables the related feature or integration. Contact us if you need a feature-specific data flow review.
Updates
Security and compliance updates
April 2026
SOC 2 Type I audit in progress
UserJourneys is actively working toward a SOC 2 Type I report.