UserBit Security

We treat privacy and data security very seriously. We have taken a number of steps to make sure your information is always secure when you're using UserBit.

If you have specific questions, please don't hesitate to get in touch with us.

Send an email to

security illustration

Security Overview

UserBit's server and client infrastructure is hosted on Google Cloud Platform

Two-factor Authentication

UserBit offers SMS based two-factor authentication to protect against harmful data breaches, which are commonly caused by weak or stolen credentials.

Server-side Encryption

UserBit uses google firestore where your data and metadata is encrypted under the 256-bit Advanced Encryption Standard before it is written to disk, and each encryption key is itself encrypted with a regularly rotated set of master keys.

Transport Layer Security

To protect your data as it travels over the Internet during read and write operations, UserBit uses Transport Layer Security (HTTPS).

Robust Access management

Access to user data on UserBit is maintained via strict database level security rules to protect privacy and data confidentiality. By default, authenticated users have access to their own data only. Users can opt to share their data with their teammates via shared projects or by choosing to invite users explicitly for self-interview.

Payment processing

All payment related services are provided by Stripe, which is certified as a PCI Level 1 Service Provider. UserBit does not and cannot store or access sensitive payment information.

Comprehensive Authentication Security

UserBit uses firebase authentication framework built by the same team that developed Google Sign-in, Smart Lock and Chrome Password Manager, Firebase security applies Google's internal expertise of managing one of the largest account databases in the world.

Security Details

UserBit's infrastructure is entirely hosted on Google Cloud Platform (GCP) which takes advantage of the same security model as Google Apps like Gmail and Search. A detailed whitepaper on security policy can be downloaded here:

Security Certificates

All Google Cloud services that UserBit uses, have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process:

Service name ISO 27001 ISO 27017 ISO 27018 SOC 1 SOC 2 SOC 3
Cloud Firestore
Cloud Functions for Firebase
Cloud Storage for Firebase
Firebase Authentication
Firebase Hosting
Google Analytics for Firebase

Links to certificates:

Data Center Physical Security

UserBit uses Google's data centers and servers that are located in USA. These data centers feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection.

Moreover, these data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. UserBit employees do not have physical access to these servers and data centers.

Data Security


All data on UserBit is automatically encrypted at rest and in transit. Any new data stored in persistent disks is encrypted under the 256-bit Advanced Encryption Standard (AES-256), and each encryption key is itself encrypted with a regularly rotated set of master keys.

During transit, all read and write operations on UserBit are protected using Transport Layer Security (HTTPS).


The storage stack and secured layers of UserBit application require that incoming requests are authenticated and authorized. Data stored in our noSQL cloud database is protected by database level security rules and Google's Identity and Access Management (IAM). Only authorized employees at UserBit have electronic access to user data.

Customer data is logically isolated from that of other customers and users, even when it's stored on the same physical server. Only a small group of Google employees have access to customer data.


User deleted data on UserBit is immediately wiped from our production database. Some critical deleted data like the project structure remains in our backup storage for 30 days, after which it is wiped from there as well. In the event that customers are unable to delete their data, they can also reach out to UserBit support to get their data wiped.

When retired from Google’s systems, hard disks containing customer information are subjected to a data destruction process before leaving Google’s premises.


UserBit does not store or transmit any sensitive payment data. All of our payment services are handled securely by our payments partner, Stripe, which is certified as a PCI Level 1 Service Provider.

You can read more about Stripe's privacy and security policy here:


All customer data and account content on UserBit is backed up regularly on a separate cloud storage.

Application Security

UserBit follows industry standard best practices for product development. All our releases and new features are thoroughly tested for security vulnerability before deployment.

In addition, UserBit is equipped with thorough internal logging and audit trail features that provide transparency into usage and access. With the help of Google's infrastructure, we get alerted to and react quickly to all security concerns.