Legal & Compliance

Introduction

Keeping customer data secure, confidential, and continuously available is our highest priority. Refiner is built on a security-first architecture, aligned with industry standards and established compliance frameworks. You retain full control over the user data processed within your account at all times.

Terms of Service

When you create an account with Refiner, you agree to our Terms of Service and Privacy Policy. Both documents are designed with a strong emphasis on data protection, regulatory compliance, and information security.

For Enterprise customers, we offer the option to execute custom agreements, including tailored Data Processing Agreements (DPAs) and additional contractual safeguards as required.

SOC 2 Type II Certification

SOC 2 is a compliance framework developed by the American Institute of Certified Public Accountants (AICPA).

As of June 2024, Refiner has successfully completed a SOC 2 Type II audit, which validates the operational effectiveness of our security controls over a defined audit period.

For additional details on our security posture and to request a copy of our SOC 2 report, please refer to:

Data Protection Frameworks

Refiner supports compliance with major international data protection regulations and healthcare standards. Our platform is designed to help you meet your regulatory obligations while maintaining full administrative control over your data.

We provide multiple technical and organizational mechanisms to support lawful data processing, subject access requests, deletion workflows, and controlled data retention.

For detailed information, please refer to:

Data Lifecycle Management

Data Collection

When implementing the Refiner JavaScript SDK or Mobile SDKs, you typically identify users via a unique identifier (e.g., user ID). Optionally, you may also transmit:

  • User traits (e.g., plan type, company size)
  • Behavioral events
  • Survey responses

Upon receipt, Refiner creates a user record within your account environment.

The moment we receive user data from you, we’ll create a record in our database. By default, your user data is kept in your account until you delete the environment or cancel your subscription.

We provide various mechanisms that allow you to delete individual user records on demand or delete old user profiles automatically after a certain time of inactivity.

At any given moment you can choose to delete individual user profiles or groups of users. You can do this on the User Segments page.

The Data Settings page lets you purge all user data. This option is helpful if you have finished testing and want to clean up your environment.

In addition to manually deleting user data, you can also set time-based data retention policies. You can choose to delete old user profiles – including their survey responses, traits, and activity records – after a certain time of inactivity. This option is also available on the Data Settings page.

Data Storage

By default, user data remains stored in your account environment until:

  • You delete the environment
  • You manually delete user records
  • You cancel your subscription

You maintain full administrative control over data retention.

Data Deletion & Retention Controls

Refiner provides multiple mechanisms for managing and deleting user data:

Retention policies are configurable via the Data Settings page and enable systematic lifecycle governance aligned with your internal compliance requirements.

Web Storage & Cookies

Refiner’s JavaScript SDK stores an anonymous user token in the browser’s Local Storage to ensure consistent user recognition and correct survey delivery.

If Local Storage is unavailable, the SDK falls back to using cookies.

No sensitive personal data is stored in Local Storage or cookies by default—only the minimal technical identifiers necessary to operate the SDK.

For more details, please refer to the dedicated documentation page.

Your Control, Our Responsibility

Refiner is designed to operate as a data processor under your instruction. You define what data is collected, how long it is retained, and when it is deleted. We provide the infrastructure, security controls, and compliance framework to ensure that data is handled in accordance with modern regulatory and enterprise standards.

If you require additional documentation, security questionnaires, or compliance attestations, please contact our team.
