Legal & Compliance

Refiner is designed to help you collect user feedback in a privacy-conscious and compliant way. This page outlines how Refiner handles data and what you need to consider when using the product.

When using Refiner, you may send and process user data such as identifiers, attributes (traits), and survey responses. Depending on your use case and location, this data may be subject to data protection regulations. Refiner is designed to operate as a data processor under your instruction. You define what data is collected, how long it is retained, and when it is deleted. We provide the infrastructure, security controls, and compliance framework to ensure that data is handled in accordance with modern regulatory and enterprise standards.

Here is a quick overview of what Refiner provides to help you stay compliant:

• Data hosting: AWS (eu-west-1, Ireland)
• Data residency: All user data is stored and processed within the European Union
• Data processing role: Refiner acts as a data processor; you remain the data controller
• Sub-processors: By default, no user data is processed by third-party sub-processors
• Compliance: GDPR-ready (supports data access and deletion requests)
• Security: SOC 2 Type II certified infrastructure and controls
• Encryption: All data is transmitted securely via HTTPS
• Authentication: SAML 2.0 Single Sign-On (SSO) supported
• Data control: Full control over data retention, deletion, and export
• Integrations: Data sharing with third-party tools is fully controlled by you

For detailed information about legal, compliance and security at Refiner, please refer to the following pages:

• Terms of Service
• Privacy Policy
• Security Statement
• SOC 2 Type II
• GDPR
• CCPA
• HIPAA
• Legal Notice

If you require additional documentation, security questionnaires, or compliance attestations, please contact our team.