Your product plans and data are one of your organization’s best kept secrets. That’s why we built using the strictest security protocols in the industry. Hundreds of companies around the world trust to keep their product plans and data safe and secure, so you can rest assured that your sensitive data is protected with us.  


ISO 27001:2013 deploys industry standard security controls and is ISO 27001:2013 certified, we’ve based the platform’s Information Security Management System controls on ISO 27001 and SOC-2 principles.


We use Stripe -- which is PCI-DSS certified -- to process all payments.’s system operates on Google Cloud Platform, which is ISO 27001, SOC-2 and FedRamp certified.

Product security & reliability’s security goes above and beyond the mechanisms provided by our hosting environment. We’ve added exceptional security and control through the addition of multi-tiered layers of security within the platform itself:

SSO offers SAML 2.0 Single Sign-on (SSO) to enable seamless integration with your existing identity solutions: OKTA, Google Workspace, Active Directory, Ping Identity, and any SAML 2.0 compatible solution. 

Role-Based Access Controls 

Access to data within the application is governed by role-based access controls (RBAC). has various predefined roles : Account Owner, Workspace Owner, Workspace Admin, Team Leader, Editor, Contributor.

Password and Credential Storage enforces a password complexity standard, and encrypts stored passwords. 

Uptime has 99% or higher uptime.

IP Whitelisting can be configured to only allow access from designated IP address ranges. These restrictions can be applied to all users.

Cloud Security’s security and availability architecture is designed according to ISO 27001 and SOC-2 principles, and is implemented based on industry best practices. 

Physical Security & Data Hosting uses Google Cloud Platform data centers in the United States and the EU. GCP’s physical security is known to be the market gold standard, and is audited as part of GCP’s SOC-2 and ISO 27001 certification.

Intrusion Detection and Prevention uses Intrusion Detection capabilities to monitor and detect security incidents. If and when a suspected intrusion is detected, operates according to its ISO-27001-compliant Incident Response process.

DDoS Mitigation’s use of GCP’s DDOS protection mechanisms, as well as its multi-region and multi-zone capabilities, allows to provide DDoS-protected services. 

Logical Access allows access to its Production network according to the least-privilege, need-to-work principle. Access is logged and reviewed frequently, to maintain close control of protection and data access.

Disaster Recovery and Business Continuity’s service was designed to overcome various disaster scenarios, and utilizes GCP’s cloud resilience as well as efficient internal processes to recover quickly and smoothly.

Auditing and Logging maintains logs of all of its systems and services, and audits these logs frequently as a supplementary control to its other security and access control mechanisms.

Back Up data is backed-up to a separate, secure environment for improved Availability and Data Integrity in case of a malfunction scenario.

Identification and Authentication

Access to the production environment is limited to a small team of employees, as per their job requirements. Access requires the use of 2-Factor Authentication, which necessitates a robust login process consisting of a strong password and a one-time code provided by Google Authenticator.

Encryption encrypts all data in transit using TLS with 256 bit AES encryption. Our server scores “A” on Qualys SSL Labs‘ tests. 

Data-at-rest is encrypted using AES-256 encryption.

Penetration Tests uses third party experts to perform periodic Penetration Tests to its production environment, in order to verify that security is maintained at the highest possible standards. Both Application level and Infrastructure level threats are explored to understand whether new vulnerabilities are applicable and to provide a comprehensive view of’s protection mechanisms.

Application Security practices extensive processes and controls to ensure application security. All engineers make use of common best practices as defined by standards like OWASP and NIST throughout all stages of development.  

Secure Software Development Life Cycle’s software is developed using a structured development process, integrating security and privacy-by-design at all stages of the life cycle.

All developers receive annual Secure Development training, covering security architecture, secure coding and OWASP top 10 threats. 

Code Reviews

All code packages undergo Code Reviews before being allowed to merge into’s main code branch, thus ensuring a clean, controlled and high-level code base.

Quality Assurance 

All code developed at undergoes strict automatic and manual quality assurance testing, to ensure it is correct, efficient and free of security vulnerabilities.

Separate Environments 

The Testing environment is completely separated from the Production environment. No Customer or Production Data is used in our development or test environments.

HR Security

Employee Screening

All new employees are subjected to background checks in accordance with local, federal and state laws. 


All employees sign confidentiality agreements as part of their employment contracts.


All employees read and sign its ISO-27001-certified Information Security Policy and Acceptable Use Policy.


All employees take part in yearly Security Awareness training sessions and while completing their onboarding process.


Review our Privacy Policy to learn about our policies regarding the collection, use and disclosure of personal data when you use our Service.

Thousands of product managers trust worldwide

See what our customers say about

" is the perfect product for product managers. It makes it very easy to manage your products all the way from Strategy to detailed implementation lifecycles."

Abhijit Dev

Lead Product Manager, IMImobile

״ supports the entire product management life cycle with a rich and easy to use interface. The kanban boards are well designed and implemented.״

Paul Davis

Product Manager, Cornell University

"Product Management, easier. It’s also a clearly modern web app, unlike most of its competitors. You can easily create stories and issues out of notes."

Alexander Holley

Product Owner, Artos Systems

Ready to build great products?

Copyright © 2020. All rights reserved.