// Trust & Security Report

    Similarweb LTD logo

    Similarweb LTD

    Digital data intelligence suite (Web Intelligence, App Intelligence, Sales Intelligence, Retail Intelligence, AI Search Intelligence, Stock Intelligence, Data-as-a-Service API, browser extension, free web tools)

    Certifications held

    7

    Maturity

    Enterprise

    Trains on your data

    Unknown

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type II
    HELD

    We're dedicated to customer data security and hold an independently validated SOC2 and ISO 27001 certification. This demonstrates our unwavering commitment to secure services and processes, and to data confidentiality. ... Heading: 'SOC2 Type II and ISO 27001 validated'

    Verify on similarweb.com
    SOC 3
    HELD

    SOC 3 - Listed in the compliance section of the Similarweb Trust Center alongside SOC 2 Type 2 and ISO/IEC 27001:2022.

    Verify on trustcenter.similarweb.com
    ISO/IEC 27001:2022
    HELD

    hold an independently validated SOC2 and ISO 27001 certification ... Trust Center lists 'ISO/IEC 27001:2022' in its compliance section.

    Verify on trustcenter.similarweb.com
    CCPA
    HELD

    CCPA - Listed in the compliance section of the Similarweb Trust Center.

    Verify on trustcenter.similarweb.com
    VPAT (accessibility)
    HELD

    VPAT - Listed in the compliance section of the Similarweb Trust Center.

    Verify on trustcenter.similarweb.com
    GDPR
    HELD

    Similarweb states it strives to 'go above and beyond data privacy laws, regulations, and industry standards' and references compliance with privacy laws like GDPR/CCPA, but GDPR is a regulation (not a certification) and was not displayed as a discrete badge on the Trust Center compliance list. Posture is present; treated as compliance posture, not a held certificate.

    Verify on similarweb.com
    PCI DSS
    HELD

    Not displayed on the Trust Center compliance list (payments are typically handled by a third-party processor).

    Verify on trustcenter.similarweb.com
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    Not listed on the Trust Center or security page. Not applicable to a digital-market-intelligence product.

    source: trustcenter.similarweb.com

    // Privacy & AI training

    Trains on customer data

    Not stated

    Data processing agreement

    Not stated

    Data region

    unknown (Similarweb runs on cloud infrastructure; the privacy statement allows international transfer with safeguards. The third-party cookie/consent provider referenced on the marketing site is Microsoft.)

    Similarweb is itself a data vendor, not an LLM provider. Its 'Data for AI' offering states training datasets are 'aggregated, anonymized, and privacy-compliant' and 'fully licensed for commercial AI training', sourced from a global opted-in panel - this concerns the data products it SELLS, not ingestion of a SaaS customer's own uploaded business data. No statement was found indicating Similarweb trains models on a customer's CRM/account data submitted to Sales Intelligence or other SaaS products. Customers ingesting personal data (e.g. CRM enrichment) should review the DPA and obtain explicit AI-use terms.

    // Security controls

    Disk encryption

    Listed as a control on the Trust Center

    trustcenter.similarweb.com

    Multi-Factor Authentication

    Listed control

    trustcenter.similarweb.com

    Role-Based Access Control

    Listed control

    trustcenter.similarweb.com

    Vulnerability & Patch Management

    Listed control

    trustcenter.similarweb.com

    Network defenses / Firewall / Bot detection / DLP

    Listed controls

    trustcenter.similarweb.com

    Incident response process

    Develop and manage our security incident response process

    similarweb.com

    Disaster recovery / business continuity

    Maintain and enhance disaster recovery and business continuity plans, and test them regularly

    similarweb.com

    Third-party / vendor risk management

    Use a dedicated third parties risk assessment platform to perform an ongoing third-party security review of our key suppliers

    similarweb.com

    Penetration testing

    unknown - not explicitly stated on public pages; SOC 2 Type II + ISO 27001:2022 audits ordinarily require periodic pen testing, and a Security Whitepaper is available via the Trust Center (gated)

    trustcenter.similarweb.com

    Bug bounty / vulnerability disclosure

    unknown - no public HackerOne/Bugcrowd program or VDP page found on the vendor domain

    trustcenter.similarweb.com

    // Products & data scope

    Web IntelligenceMarket research / competitive analysis / SEO & AEO

    data: Aggregated digital traffic, audience, keyword and market data; minimal customer-supplied PII

    Core flagship product. Data is aggregated market intelligence, low direct-PII risk for the buyer.

    Sales IntelligenceB2B sales prospecting / lead gen / CRM enrichment

    data: Contains contact data, lead/company data and CRM enrichment - higher PII handling; buyers should sign a DPA

    This product handles third-party contact PII (lead generation, contact data, CRM enrichment), so it carries the heaviest data-protection scope of the suite.

    App IntelligenceMobile app usage and engagement analytics

    data: Aggregated, panel-derived app usage metrics

    Aggregated/anonymized panel data.

    Retail IntelligenceAmazon / e-commerce shopping behavior insights

    data: Aggregated retail/SKU and shopping-behavior data

    Market-level retail analytics.

    AI Search IntelligenceBrand visibility across AI engines/chatbots

    data: Brand visibility, citation and sentiment data across AI search

    Newer AI-era visibility tracking module.

    Data-as-a-Service (API) / Data Partnerships (OEM)Bulk data feed / API

    data: Large-scale licensed digital datasets delivered via API

    Enterprise data feeds; governed by separate data-licensing terms.

    Browser extension & free web toolsConsumer / free tier (Website Traffic Checker, etc.)

    data: Extension contributes to the opted-in measurement panel; free tools are anonymous lookups

    The browser extension feeds Similarweb's measurement panel - relevant for end users who install it, separate from the paid SaaS data scope.

    // What to watch

    • Public company (NYSE: SMWB), 6,000+ customers, mature enterprise security program - low vendor-risk profile.
    • SOC 2 Type II + ISO/IEC 27001:2022 + SOC 3 confirmed on vendor's own Trust Center and security page with direct quotes.
    • Penetration testing and bug bounty/VDP not publicly documented; detailed evidence (Security Whitepaper, InfoSec Policy) sits behind a gated Trust Center - request under NDA for procurement.
    • Sales Intelligence handles third-party contact PII - require a DPA for that product specifically.
    • DPA, AI-training-on-customer-data stance, and data residency could not be confirmed from public pages; verify in contract.

    // At a glance

    Pricing model

    Commercial subscription (free tools + free trial; paid Starter/Team/Enterprise tiers; custom enterprise and DaaS/API contracts; 'Get a demo' / 'Talk to Sales' for higher tiers)

    Self-hostable

    No

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Similarweb LTD's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trustcenter.similarweb.com

    > Browse all vendor trust reports