
Explore how Productboard protects customer data and operates its security and compliance program. This Trust Center provides self-service access to key documentation, certifications, reports, and information about our evolving platform, Productboard Spark.
Quick links
Productboard is a customer-centric product management platform that helps teams collect feedback, understand customer needs, prioritize what matters, and bring the right products to market faster. The platform also includes integrations, APIs, and AI-powered capabilities with Productboard Spark.
From a trust and security perspective, Productboard may process and store:
This Trust Center provides access to Productboard’s security, privacy, and compliance documentation, including policies, certifications, reports, and answers to common security questions.
Typical data access: Product Strategical Roadmaps, Product Feedback, Product Customers (PII and Highly Confidential Company Data)
Certifications: SOC 2 Type 2, CSA, ISO 27001:2022
At Productboard we fully understand the need for diligence as product strategy is certainly sensitive commercial information that deserves the right level of protection!
When it comes to cybersecurity, we implement best practices of security-in-depth and security-in-breadth by implementing multi-layered approach of security measures and controls following NIST and OWASP. We conduct penetration testing and vulnerability scanning programs and we have 3rd party penetration tests on an annual basis for the application and networking layers, we also do weekly DAST scans for application vulnerabilities and quarterly for the network. The tests are very thorough and use a combination of industry standard tools such as Burp suite and Nessus, as well as manual fuzz test which go well beyond what an automated tool can do.
When it comes to security compliance management, we are building our ISMS on top of ISO 27002:2022 controls and SOC 2 Focus Points by mapping both standards using AICPA's guide.
Foregoing notwithstanding we continuously heavily invest into our product security, including secure log-on mechanisms, RBAC user model, SSO, internal data and process segmentation etc., as well as state-of-the-art situational awareness monitoring, anomaly detection and, of course, 24x7x365 response by our security operations team. In support of this goal we allocate an adequate budget to ensure security-by-design is in place to protect our customers' data as a top priority.
We apply the same security and compliance principles across the Productboard platform, including new AI-powered capabilities such as Productboard Spark.
David Dolezal
Director of Security
-- Certification audits are planned for Sept/Oct 2026 (ISO27k, ISO42k, SOC2)