Strengthening trust and confidence

Data security and compliance are paramount in today's digital landscape, especially when it comes to user research. At Lyssna, we prioritize the protection of your data through our robust security and compliance features, including GDPR compliance, SOC 2 certification, custom password policies, and SAML SSO. Below, we share how these features work in Lyssna.

How security works and why it’s important

Let’s explore the security and compliance features in Lyssna, providing use cases and examples to demonstrate their practical applications and benefits. 

Security Assertion Markup Language Single Sign-On (SAML SSO) 

SAML SSO is an authentication and authorization mechanism that enables users to access multiple applications and services with a single set of login credentials. SAML SSO works based on a trust relationship between an identity provider (IdP) and service providers (SPs).

Lyssna supports the two most common identity providers, Okta and Azure AD, and can also work with enterprise customers to support additional identity providers as needed.

SAML is available to all Lyssna customers on an Enterprise plan, providing you with seamless access to various applications while maintaining strong security controls.

An example of where this feature would be beneficial is an enterprise with multiple user research teams. By integrating SAML SSO, team members can securely access Lyssna using their existing corporate credentials, streamlining authentication processes and ensuring consistent access controls across the organization.

Custom password policies

With Lyssna's password complexity rules, you can reinforce the security of user accounts on our platform, which is particularly useful for enterprise customers that don’t use SSO.

These rules allow you to set specific password requirements, such as length, complexity, and special characters, so you can ensure that your user accounts are protected against unauthorized access and potential data breaches.

If your company has a password policy, this can help ensure that you can still use Lyssna and conform to security standards.

System and Organization Controls (SOC 2) compliance

SOC 2 is a robust auditing procedure designed to ensure that we, as your service provider, prioritize the secure management of data, safeguarding the interests of your organization and the privacy of your clients. 

Lyssna possesses a SOC 2 Type II certification that encompasses the trust service principles of security, availability, and confidentiality. Each year, we undergo an audit by an AICPA-certified firm as part of our commitment to ensuring compliance in the following areas:

  • Security: The system is safeguarded against unauthorized access, both physically and logically.

  • Availability: The system is available for operation and use as committed or agreed.

  • Confidentiality: Confidential information is diligently protected in accordance with agreed-upon measures.

By implementing these comprehensive security controls and adhering to industry best practices, we want you to feel assured that your data is in safe hands.

If you’re conducting sensitive user research, you can leverage our SOC 2-certified platform and demonstrate to your clients and auditors that you’re partnering with a secure and compliant user research provider, instilling trust and confidence in your data protection practices.

Customers or potential customers interested in attaining a copy of our SOC 2 report can contact us.

General Data Protection Regulation (GDPR) compliance 

GDPR is a comprehensive EU law introduced to safeguard the personal data and privacy of European Union citizens. It establishes guidelines for responsible storage and handling of personal information, consent procedures, rights to correction and erasure (the right to be 'forgotten'), data breach response and reporting, and more. 

For example, say you work at a software company based in the Netherlands and conduct user tests using Lyssna. By leveraging our GDPR-compliant features, you can easily obtain participant consent, define data retention policies, and demonstrate compliance with GDPR regulations to protect user privacy.

This moves beyond the EU as well. Effective since May 25, 2018, Lyssna's privacy policy ensures that all users, regardless of citizenship, are afforded the rights outlined by the GDPR. We prioritize the responsible collection, handling, and storage of your personal information in accordance with these regulations.

We’re committed to providing a secure and reliable user research platform

At Lyssna, security and compliance are at the core of our platform. Our robust security measures, in combination with our commitment to data protection regulations, ensure that your sensitive user research data is safeguarded throughout its lifecycle. 

Trust Lyssna to protect your data and enable secure and compliant user research experiences.

Does Lyssna undergo regular security audits?
What measures does Lyssna take to protect the confidentiality of data?