P
P

Productboard

Productboard



Badges

GDPR
GDPR
PCI
PCI
CCPA
CCPA
SIG
SIG
EU-US Data Privacy Framework
EU-US Data Privacy Framework

Our Philosophy

At Productboard we fully understand the need for diligence as product strategy is certainly sensitive commercial information that deserves the right level of protection!

When it comes to cybersecurity, we implement best practices of security-in-depth and security-in-breadth by implementing multi-layered approach of security measures and controls following NIST and OWASP. We conduct penetration testing and vulnerability scanning programs and we have 3rd party penetration tests on an annual basis for the application and networking layers, we also do weekly DAST scans for application vulnerabilities and quarterly for the network. The tests are very thorough and use a combination of industry standard tools such as Burp suite and Nessus, as well as manual fuzz test which go well beyond what an automated tool can do.

When it comes to security compliance management, we are building our ISMS on top of ISO 27002:2022 controls and SOC 2 Focus Points by mapping both standards using AICPA's guide.

Foregoing notwithstanding we continuously heavily invest into our product security, including secure log-on mechanisms, RBAC user model, SSO, internal data and process segmentation etc., as well as state-of-the-art situational awareness monitoring, anomaly detection and, of course, 24x7x365 response by our security operations team. In support of this goal we allocate an adequate budget to ensure security-by-design is in place to protect our customers' data as a top priority.

David Dolezal

Director of Security

Coming Soon

Q2 2025

-- pentest 2025 results

Q3 2025

-- ISO27001 and SOC2 certification renewal


Find an Answer


Announcements

New product access management (Granular Permissions)

Productboard offers permission settings at the product entity level for granular permissions management and better access control for admins.

https://support.productboard.com/hc/en-us/articles/1500012789762-New-product-access-management

We have launched OAuth 2.0 for integrations!

All customers and partners wishing to integrate with Productboard's platform APIs will now be able to use OAuth2.

More details in the article here: https://support.productboard.com/hc/en-us/articles/9994662156691-How-to-integrate-with-Productboard-via-OAuth2-developer-documentation?source=search

Password protected shared roadmaps are now GA

We’ve taken your feedback into consideration and are releasing this improvement right after our December Roadmap sharing release!

What’s new?
Makers can protect their publicly shared roadmaps with a password to ensure that only authorized people can access the roadmap.

New Slack integration configuration options are released to GA

What is new?

  • We have added two new configuration options to provide more control over pushing Slack messages into Productboard:

  • We extended the options for who can push Slack messages into PB.

  • We added an option to disable the public notifications in the channel after a Slack message was pushed into PB.

Audit Log: Transparency & Accountability

We’ve just released new capabilities to export workspace audit logs for the past 90 days, now available on the Enterprise plan. They’re designed to give admins in larger organizations more visibility into what’s happening in the workspace and diagnose any issues that arise. For starters, you’ll know exactly who accidentally deleted that important feature! It will be a valuable supplement to the existing activity log that’s displayed in each entity’s detail

How to manage permissions in Productboard

As your product organization grows, permissions allow you to determine which information users can view and edit within Productboard. Setting up appropriate permissions allows your product teams to collaborate while maintaining control over their most important or sensitive data.

Currently, Productboard offers permission settings at the product level. More details at https://support.productboard.com/hc/en-us/articles/1500012789762-How-to-manage-permissions-in-Productboard

Salesforce - Security FAQ

How customer data imported from SFDC are protected? How data flows to Productboard?

Many of those questions could be found answered in the article here
https://support.productboard.com/hc/en-us/articles/1500000297022-Salesforce-Security-FAQ

Privacy By Default with External IDs to support anonymous note-creating users

Productboard is designed to help you understand your customers and build for their needs. To help you achieve this, we are introducing new ways of connecting Productboard to sources of customer data.

We have now launched user external ID support for Intercom, Zendesk, and our public API. This means that users (individuals associated with notes) will be identifiable without an email address.

More in the article https://support.productboard.com/hc/en-us/articles/7184018643859


What we offer

Productboard

Productboard is the leading customer-centric product management platform that empowers teams to get the right products to market, faster. From Security perspective it has few main components: - Insights (ingesting customer feedback into Productboard via one-way inbound integrations) - Features/Prioritisation (two-way sync integrations that update status of planned product deliverables) - Segmentation (Matching customers with existing CRM) - Public API (Connect your own processes to our app)

Typical data access: Product Strategical Roadmaps, Product Feedback, Product Customers (PII and Highly Confidential Company Data)

Certifications: SOC 2 Type II, CSA, ISO 27001:2013

Satismeter

SatisMeter is a powerful feedback platform for modern product teams that goes above and beyond traditional feedback widgets and survey tools in its category. Through pre-existing and customizable templates, SatisMeter helps keep an eye on customer satisfaction, stay updated on product engagement, and monitor product-market fit through contextual surveys in-app and across other channels.

Typical data access: Customer Feedback (Confidential & PII Data)

Certifications: SOC 2 Type II, ISO 27001:2022


Featured Documents


Subprocessors
7

Subprocessor
Location of Processing
Usage Details
A

AWS

United States
Cloud service provider CloudFront - Content delivery service
C

Cloudflare

United States
Content delivery network
D

Datadog

United States
Cloud-based Monitoring Service, Log management, SIEM
O

OpenAI

United States
AI use cases - automated summaries from insights, auto-linking insights to features etc. (OPT-IN, only for customers who enable it)
P

Pusher

United Kingdom, EMEA
Cloud-based WebSockets Service
S

Sentry

United States
Cloud-based Application Monitoring and Error Tracking
T

Tray.ai

United States
Cloud-based API Integration Platform, used only for selected customers who require integration with Tray
Last updated . .
View as:

Trusted by

Powered by Conveyor, the first end-to-end customer trust platform.
Learn more