Trust Center

As trusted by highly-regulated industries such as financial services, insurance companies and the medtech industry around the world, we strive to continuously meet and exceed the security standards and regulations on data and personal security that is expected by our customers. Here is how we work to protect your data and secure our systems.

At Custellence

Our security culture

Your privacy and keeping your data safe is crucial to us. Therefore, we are continuously working on maintaining and improving our security culture to ensure that everyone in our organisation is working with your data security in mind.

Our commitment to compliance

Custellence continuously monitors and keeps up to date with the latest legal frameworks and technical requirements on data security and privacy to ensure full compliance with privacy laws such as GDPR.

Our security measures

You can trust that all data we manage is encrypted in transit and at rest, that passwords are hashed and salted, and accounts are verified. We employ secure coding practices, code reviews, automated security testing and more. Our employees and contractors have signed contracts including a confidentiality clause and receive security training at the start of employment and continuously as needed.

SOC 2 Type II Certification

As a proof of our commitment to maintaining the highest information security and operational excellence, we have completed a SOC 2 Type II audit. Being certified indicates that Custellence's systems and controls have been rigorously evaluated and meet the stringent requirements set by the American Institute of CPAs (AICPA). The detailed SOC 2 Type II report is available upon request for customers seeking to verify the company's compliance.

Our vendors

Chosen with care

We do not host data centers ourselves, instead we have carefully selected industry-leading vendors that hold the toughest certifications to keep your data safe. They are all certified with SOC 2 and ISO27001 for processing and storage of data. All our third party vendors also use data centers with these certifications.

Secure payment

We use Stripe for all online* payments, which means we do not store any payment information ourselves. Stripe is one of the world’s largest online payment services and holds PCI DSS Level 1 certification, which is the highest level to be achieved in this area. *For our Enterprise plans, we offer invoice.

For You

Advanced workspace access control

In Custellence you can manage both members and guests. You can change their role to restrict what they can do in the workspace and manage all users that are not in your workspace but have access to any maps in the workspace.

Advanced map sharing control

If you have many maps and would like to be able to set different access rights for your team members, our paid plans offer advanced sharing options. For example editing rights for selected members, and view-only for others. You can also set other advanced sharing options, such as passcode protected link and domain sharing.

Audit logs

Keep track of the activity in your workspace. You can easily see who has done what in your workspace and on journey maps. To get notified of changes in specific maps, just choose “follow” and you’ll get notified regularly on the activity.


For our Professional customers we offer Single Sign-on (SSO) using Microsoft Entra with OpenID and Service Level Agreement (SLA). If your organization uses other SSO solutions than Azure, or has any specific additional security requirements, we are also able to customize your Enterprise plan.

Want to see the details?

Below you find links to all the information you and your team need to understand the details. You can always reach out to or your contact at Custellence to ask any questions or send a request for the details in a neat package to give to your team for review.

Security Policy

How we offer enterprise-grade security.

Privacy Policy

How we protect your data and help you meet global privacy obligations.

Cookie Policy

How we use cookies and other tracking technologies

Responsible Disclosure Policy

How to perform pen-tests and report security issues to us.

Subprocessors list

Read about the third-parties that process our customer data.

Recent updates

Updates to our Privacy Policy

Clarifies that only workspace/map administrators can make maps public. We encourage you to read through the updated version.

Updates to our Responsible Disclosure Policy

Tests may only be performed against the staging environment of the app.

Updates to our Security policy

Minor update on our Security policy with additional information about data at rest.

Sign up for a free account

Free account

No credit card required