Refiner.io Legal & Compliance

Refiner is designed to help you collect user feedback in a privacy-conscious and compliant way. This page outlines how Refiner handles data and what you need to consider when using the product.

When using Refiner, you may send and process user data such as identifiers, attributes (traits), and survey responses. Depending on your use case and location, this data may be subject to data protection regulations. Refiner is designed to operate as a data processor under your instruction.

You define what data is collected and can configure data retention, deletion, and export options within Refiner, subject to your subscription status and our applicable legal agreements.

We provide the infrastructure, security controls, and compliance framework to ensure that data is handled in accordance with modern regulatory and enterprise standards.

Here is a quick overview of what Refiner provides to help you stay compliant:

  • Data hosting: AWS (eu-west-1, Ireland)
  • Data residency: By default, all user data is stored and processed within the European Union
  • Data protection frameworks: GDPR, CCPA & HIPAA compliant
  • Data processing role: Refiner acts as a data processor for your user data; you remain the data controller
  • Data control: You can configure data retention, deletion, and export options in your account
  • Sub-processors: By default, no user data is processed by third-party sub-processors other than our hosting provider
  • Security: SOC 2 Type II certified infrastructure and controls
  • Encryption: All data is encrypted in transit and at rest
  • Authentication: SAML 2.0 Single Sign-On (SSO) supported
  • Integrations: Data sharing with third-party tools is fully controlled by you

For detailed information about legal, compliance and security at Refiner, please refer to the following pages:

If you require additional documentation, security questionnaires, or compliance attestations, please contact our team.