Progress Recognized in 2025 Gartner® Magic Quadrant™ for DXP
Read the Report
Sitefinity Insight holds several security certifications, including SOC2 and HIPAA compliance. SOC2 provides assurance of the platform’s controls for security, availability, integrity, confidentiality and privacy. HIPAA compliance ensures that sensitive health information is protected from unauthorized disclosure.
What compliance frameworks are officially supported by Sitefinity Insight?
Sitefinity Insight is certified under the SOC2 framework and provides tools for meeting requirements related to the EU’s GDPR regulation.
Sitefinity Insight ensures compliance with data residency requirements by offering multiple regional deployments that do not share any data. Current deployments are located in the United States, European Union (Netherlands), Australia, Singapore and Canada.
Yes, customer data is encrypted both at rest and in transit. TLS 1.2 is used for transmission security, and unencrypted connections are automatically rejected. Stored data is encrypted in SQL databases, accessible only with explicit authorization.
The Sitefinity Insight team uses visual logs for load, performance, availability and errors. These logs help detect suspicious activity and unusual trends in near real time, with key data made accessible to all development team members.
Yes. Sitefinity Insight offers a per-user setting that lets administrators control whether PII is displayed in both the web application and API endpoints, helping reduce exposure of sensitive data.
Sitefinity Insight supports GDPR compliance by enabling personal data discovery and deletion, offering secure APIs for integration, handling PII securely, including a built-in tracking consent widget and providing a European-hosted deployment option.
Yes, Sitefinity Insight provides APIs that handle GDPR data export or delete requests. These endpoints can be integrated into automated workflows for efficient compliance reporting.
Sitefinity Insight provides API endpoints that allow clients to export or delete all collected data related to individual website visitors, supporting data portability and erasure under data protection regulations.
Sitefinity Insight includes a built-in tracking consent widget that captures and updates consent preferences. This helps organizations manage user data in line with individual preferences and regulatory requirements.
Sitefinity Insight uses Azure services to store and maintain data access logs. Logs from the Sitefinity application are persisted in Application Insights, creating a comprehensive and durable record of data interactions.
No, Sitefinity Insight does not currently support defining custom data retention policies.