Security Overview

Last updated: February 03, 2026

Security is a top priority at Measure. We know that you trust us with your data, and we take that responsibility seriously. Here's an overview of how we protect your information.

Data Protection

All customer data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

Encryption

In Transit

All data sent between your browser and our servers is encrypted using TLS (Transport Layer Security). This includes your login credentials, account data, and all analytics information.

Our tracking script uses HTTPS to ensure that analytics data from your website visitors is also encrypted in transit.

At Rest

All data backups are encrypted. Our database servers use encrypted storage to protect your data at rest.

Infrastructure Security

Measure runs on infrastructure that maintains strict security standards:

  • Full redundancy for all major systems
  • Regular security patches and updates
  • Firewalled networks with strict access controls
  • 24/7 monitoring for unusual activity
  • DDoS protection and mitigation

Application Security

We follow security best practices in our application development:

  • Secure password hashing using industry-standard algorithms
  • Protection against common vulnerabilities (SQL injection, XSS, CSRF)
  • Regular security audits and code reviews
  • Principle of least privilege for internal access

Payment Security

We use Stripe, a PCI Level 1 compliant payment processor, to handle all payment transactions. Your credit card information is submitted directly to Stripe and never touches our servers.

Employee Access

Access to customer data is limited to employees who need it to provide support or maintain the service. All access is logged and regularly audited. Employees are trained on security best practices and our data handling policies.

Privacy by Design (Path B Architecture)

Measure is built with a fundamentally different approach to analytics. We don't just minimize data collection — we've architected our system so that individual tracking is impossible:

  • No IP addresses stored (not even hashed)
  • No cookies or identifiers of any kind
  • No individual event records — only aggregated counters
  • No cross-request linkage possible
  • Timestamps rounded to the hour

This means there's simply no personal data to protect, breach, or misuse. We count pages, not people.

Incident Response

In the unlikely event of a security incident, we have procedures in place to:

  • Quickly identify and contain the issue
  • Investigate the root cause
  • Notify affected customers promptly
  • Implement measures to prevent recurrence

Reporting Security Issues

If you've discovered a security vulnerability in Measure, please let us know right away. We appreciate your help in keeping our customers safe. Please email security issues to security@measure.events.

Questions?

If you have any questions about our security practices, please contact us.