PersonifyUX

Security

Built for Sensitive Environments. Secured by Design.

PersonifyUX was designed with security as a core requirement from the start. We use layered technical and operational safeguards to protect customer data and reduce exposure during automated UX analysis.

Our approach emphasizes minimizing retained data, restricting access, encrypting information in transit and at rest, and limiting the amount of sensitive content that reaches downstream AI processing.

Sensitive Data Handling

Every UX audit begins with a screenshot capture of a customer-submitted URL. In some environments, screenshots may contain sensitive on-screen information.

PersonifyUX uses automated redaction and filtering controls designed to reduce the likelihood that sensitive data is included in downstream AI analysis. These controls may use pattern matching, visual detection, and entity-recognition techniques to identify and mask potentially sensitive content before it is sent for model processing.

Examples of data that may be flagged for redaction include:

  • names
  • dates of birth
  • government ID numbers
  • medical or insurance identifiers
  • contact details such as addresses, phone numbers, and email addresses
  • visible free-text content that appears likely to contain sensitive information

Redacted regions are masked before transmission to model-processing systems. No automated redaction method is perfect, and customers should avoid submitting sensitive personal data unless expressly authorized by PersonifyUX in writing for a supported use case.

Screenshot Handling and Retention

PersonifyUX is designed to minimize screenshot retention outside of customer-controlled report storage.

AI Processing

Redacted screenshots may be transmitted to AI or model-processing providers for analysis. We configure supported providers and integrations to limit retention and restrict use of submitted data for model training, subject to the capabilities and contractual terms of those providers.

Customer Account Storage

Generated audit reports, including report artifacts and any retained redacted thumbnails or related outputs, may be stored within your account so you can review prior analyses. You control report retention within the product. When you delete a report or close your account, associated active data is generally deleted from our live systems within 30 days, subject to standard backup and recovery cycles.

Processing Buffers

Raw and intermediate image data may be held temporarily in short-lived processing buffers during audit execution and are designed to be purged automatically after processing is complete. Outside of customer-facing report storage and ordinary logging or backup processes, screenshot data is not intended to be retained in persistent internal storage.

Synthetic Test Data Controls

When synthetic personas interact with an application, they may enter test data into forms or create temporary records as part of an audit workflow.

To reduce the risk of synthetic data being mistaken for real user activity, PersonifyUX may apply identifiable markers or structured test patterns to synthetic inputs used during supported testing flows. This helps customers distinguish synthetic records from production data and remove those records after testing.

Customers remain responsible for reviewing their own systems and validating how test data is handled in downstream environments.

Access Controls

Access to customer data is restricted based on job responsibility and operational need.

Our security controls may include:

  • role-based access restrictions
  • multi-factor authentication for privileged access
  • audit logging for administrative and production access events
  • periodic access review processes

Encryption

We use encryption designed to protect customer data in transit and at rest.

This may include:

  • encryption in transit using current transport security standards
  • encryption at rest where supported by our infrastructure and service providers
  • logical segregation of customer data within hosted environments

Any statements about specific encryption configurations are subject to change as our infrastructure evolves.

Infrastructure Security

PersonifyUX is deployed using modern cloud infrastructure and standard security hardening practices.

These practices may include:

  • private network segmentation for internal services
  • restricted ingress and egress controls
  • no intentionally public-facing production databases
  • centralized logging and monitoring
  • automated dependency and vulnerability scanning
  • patching based on severity and operational risk

Testing and Monitoring

We use a combination of automated and manual security practices to identify and address risk.

These may include:

  • application and dependency scanning
  • log monitoring and alerting
  • security-focused code review practices
  • periodic internal or third-party security assessments as appropriate to company stage and product maturity

Incident Response

We maintain internal procedures for responding to suspected security incidents, including investigation, containment, remediation, and notification as appropriate under applicable law and contractual commitments.

Deterministic and Automated Analysis

PersonifyUX combines AI-assisted analysis with deterministic programmatic checks. Certain usability and accessibility-related findings may be calculated algorithmically rather than generated solely by a model. This helps improve consistency and reproducibility for specific categories of system output.

Even so, all audit results should be reviewed by customers before they are relied upon for business, legal, accessibility, security, or compliance decisions.

Shared Responsibility

Customers are responsible for:

  • submitting only data they are authorized to provide;
  • avoiding submission of sensitive personal data unless expressly supported by the service;
  • reviewing generated output before relying on it;
  • managing report retention within their account; and
  • maintaining the security of their own environments, credentials, and applications.

Questions

If you have security questions or need to report a vulnerability, contact us at security@personifyux.com.