Enterprise-grade security underpins the Conversational Cloud

LivePerson’s Conversational Cloud offers unmatched enterprise-grade security. Our applications, infrastructure, and policies have been vetted by advanced security teams at our Fortune 500 customers and reflect 20+ years of industry leadership in data and systems security.

Logos of Security Certificates

Compliance and security certifications

We meet the most relevant international security and privacy standards.

SSAE 18 SOC2+HIPAA (formerly SAS70)

We conduct yearly data center audits and our reporting is compliant with the American Institute of Certified Public Accountants (AICPA).

ISO 27001

Our Information Security Management System is certified for ISO compliance.

Learn more

PCI DSS 3.2.1

We handle payment data and secure transactions in compliance with Payment Card Industry Data Security Standards 3.2.1.

GDPR

Our data and privacy policies are in full compliance with EU General Data Protection Regulation.

Learn more

SOX

Our finance and security operations are compliant with all Sarbanes-Oxley requirements.

HIPAA via Business Associate Agreement (BAA)

LivePerson executes BAAs with HIPAA-covered entities to certify PHI protections.

HITRUST CSF® v9.3

LivePerson is HITRUST CSF® v9.3 certified to ensure robust security protection for our customers, including HIPAA-covered entities.

Request information

Data security

We use the most current in-transit and at-rest encryption, along with optional AES and sensitive data masking. Our application security and customer controlled policies offer full visibility and logs to users and make it easy to customize user permissions and access.

Product and application security

LivePerson adheres to a comprehensive Secure Software Development Life Cycle that includes the following:

Design and planning

Our security team is actively involved in design for all major projects.

Static code analysis

We conduct routine OWASP and automated scans in our systems.

Security scans and audits

We conduct regular vulnerability scanning and third-party assessments.

Training and awareness

We issue third-party training in secure coding and ethical hacking for our R&D and QA teams.