Shared Responsibility Model for Security and Privacy
Gain a better understanding of how you and Appcues should share responsibility when it comes to the security of your data.
Table of Contents
As described in the Appcues Trust Center, Appcues invests heavily and continually monitors the Appcues platform to protect the security and privacy of our customer data. However, if your organization uses certain Appcues features, you also have a responsibility to take action to fully protect the security and privacy of the data managed by Appcues. This is commonly referred to as a shared responsibility model. This document describes the shared responsibility of certain Appcues features and their benefits. As new capabilities are introduced, or responsibilities are identified, this page will be updated or expanded.
Appcues Responsibilities
Appcues maintains comprehensive documentation regarding the security of the Appcues platform and the Appcues Security Program in our Trust Center. Security is ever-evolving, and Appcues regularly makes updates or improvements documented there. A few notable aspects of our security program include:
- All customer data is encrypted both in transit and at rest.
- Documentation is maintained to ensure an Appcues installation is compatible with Content Security Policies.
- A SOC-2 audit and report is performed annually by a professional 3rd party auditor.
- A Penetration Test and report is conducted annually by a professional 3rd party security research firm.
- Within 48 hours of discovering any security incident, notice will be sent to impacted Appcues account administrators.
- For accounts enabled for HIPAA compliance, Appcues also ensures all data is processed according to HIPAA regulations.
- For AI Features (Captain AI, AI Insights, and the Appcues MCP Server), Appcues maintains subprocessor agreements with its AI model and tooling providers (currently OpenAI and Langfuse) consistent with the AI Acceptable Use Policy and our Data Processing Addendum.
Customer Responsibilities
The following items are not required to operate Appcues, but by following these responsibilities, customers can improve their security posture using Appcues.
- Customers are responsible for what data they send to Appcues. While Appcues implements many controls to secure customer data while in transit and stored, Appcues cannot determine the sensitivity of the data you send. Appcues also cannot control what data you export from Appcues or send to 3rd party integrations. To limit the data received by Appcues, you can use Appcues Ingest Filtering.
- If the data you send to Appcues or the Experiences you display are sensitive (e.g. contains PII or confidential information that must be shown only to the appropriate user), you can leverage Identity Verification to digitally sign your UserIDs to ensure that only intended users can see Appcues experiences. This is required if you want HIPAA compliance to protect PHI.
- To process data deletion requests according to GDPR, CCPA, or other similar privacy laws, Appcues requires you to confirm the identity of the user, and once confirmed, forward the request to Appcues by contacting support@appcues.com. Appcues cannot handle requests directly from your end users since we cannot verify their identity.
- Customers that use content integrity tags should follow the guidance in the Appcues Content Integrity Tags documentation.
- Customers are responsible for what data they submit to Appcues' AI Features. This includes prompts submitted to Captain AI and any account data made accessible to third-party AI tools through the Appcues MCP Server. As with other Appcues features, Appcues cannot determine the sensitivity of data you choose to submit, and the same data minimization practices described above (Ingest Filtering, Identity Verification) apply to AI Features.
- Customers are responsible for reviewing AI-generated content before it is published or relied upon, including experiences, copy, or recommendations created or suggested by Captain AI or AI Insights. Appcues does not warrant the accuracy of AI-generated output.
- Customers connecting the Appcues MCP Server to third-party AI tools (e.g., Claude, ChatGPT) are responsible for that third-party tool's own data handling practices, terms, and access permissions once Appcues account data has been shared with it. Appcues does not control how a connected third-party AI tool subsequently stores or processes that data.
- Customers should apply the same role-based access control principles used elsewhere in Appcues to determine which Users may access AI Features, including the MCP Server connection.
See also the AI Acceptable Use Policy for additional detail on permitted and prohibited uses of Appcues' AI Features.