This website works best with JavaScript enabled. Learn how to enable JavaScript.


VWO’s enterprise-grade platform has been designed keeping in mind the high level of security expected by world-class businesses. With VWO, you can be rest assured that any data stored by us remains safe, confidential, and accessible. By ‘safe’ we mean that the data will be protected against any type of loss or corruption, ‘confidential’ means access to the data is granted only to authorized personnel, and by ‘accessible’ we ensure that the data is available to authorized users whenever required.

How VWO handles data

VWO allows customers to easily create variations of their websites, split the website traffic to the variations and calculate the statistics to identify a winning variation. The variations are configured by the user via the VWO web-app, and those configurations are hosted in the cloud on VWO’s Content Delivery Network (CDN) as static text files. VWO is hosted on its own private, dynamic CDN which uses Bare Metal Servers managed by IBM SoftLayer in their state-of-the-art data centers across the globe. The technical and security specifications of our CDN are detailed further in this article. The variation configurations can also be self-hosted on the customer’s server, if required, for added security.

The service only works when the customer places VWO’s SmartCode, a Javascript tracking code, in the head tags of its web pages. When a visitor accesses the web page, the VWO SmartCode fetches the appropriate configuration from our CDN, and applies the changes on the browser-side by manipulating the DOM / HTML as it loads. VWO only interfaces with the front-end of the customer’s website and does not require any access to their backend system and database.

What data VWO captures

Client data

When a user signs up for VWO services, we store their email ID, name, IP address, location, and company information as entered in the forms available on our website and inside the web-app. When a user opts to purchase a paid plan, we use globally reputed third-party payment processors like 2Checkout and FastSpring. We don’t store any credit card information ourselves. Any customer information stored with VWO is never shared with any third-party services.

End-user data

VWO stores the following information for the visitors who visit the customer’s website which has VWO tests running:

  • Total number of visitors becoming part of the test (counter).
  • Total number of conversions for a goal (counter).
  • Revenue – in case a revenue goal is defined by the customer. The value of the goal is defined by the customer and is not fetched from the customer’s database or system.
  • User agent, anonymized IP address (with last octet deleted) and timestamp when Post Result Segmentation is turned on.

How VWO uses cookies

VWO uses cookies to run tests and analyze the customer’s website visitor data. The cookies keep track of the variation a visitor has viewed and serve the same variation to the visitor consistently, track goals completed by a visitor, and determine whether a user is part of a test.

Where VWO saves data

  • VWO is hosted on Bare Metal Servers managed by IBM SoftLayer, which is SSAE16 certified which store:
    • All source-code (in a IBM SoftLayer data center located in Singapore).
    • Configuration data on the CDN (in 13 IBM SoftLayer data centers in 8 countries).
    • Database cluster (in a IBM SoftLayer data center in the US).
    • VWO web-app (in a IBM SoftLayer data center in the US).
  • All Production data is stored in IBM SoftLayer data center spread across different locations.
  • We do not store any customer data locally.
  • The variation configurations required to run the tests for visitors can also be self-hosted on the customer’s servers for added security control.

How VWO protects data

Physical security 

Physical access to the IBM SoftLayer data centers is restricted by IBM SoftLayer. No physical access is allowed to any of the employees of Wingify, the parent company of VWO.

Code security

  • VWO code is stored in a Stash / Atlassian system hosted by IBM Softlayer in Singapore.  VWO employs strict role-based security / passwords for access to the code.  Commits to production code are strictly reviewed and approval is restricted to just two people (Chief Technical Officer and Lead Engineer), after passing Unit Testing and QA in Test and Staging.
  • The data stored on production servers is accessible only to the Chief Technical Officer and the Lead Engineer. No one else in VWO has access to customer data unless permission access is granted by the Chief Technical Officer or the Lead Engineer to resolve any technical issue or for debugging.
  • There is an hourly backup of the database data in SoftLayer data centers.

Application access

  • You are always connected to the VWO web-app via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery.
  • You can assign roles and permissions to each user that you add to your account to ensure appropriate level of access to your VWO account.
  • You can restrict access to your VWO account to certain IP addresses.
  • You can enable alerts to email you whenever specific activities takes place in your account.

Vulnerability scans

VWO conducts regular vulnerability scans against its internal and production systems. We are protected against OWASP top 10 security threats. We welcome customers to conduct their own vulnerability scan if they like, as long as they contact us beforehand for permission.

Data availability

  • The static JavaScript files are hosted on VWO’s CDN with a fail-over strategy that guarantees zero downtime and ensures that your website does not slow down even for a single minute.
  • VWO is hosted on Bare Metal Servers managed by IBM SoftLayer, which is SSAE16 certified. Historically, we have achieved 100% uptime consistently over the past two years.

VWO is trusted by 4,000+ customers

VWO takes strict measures to ensure that any data stored with us is kept safe. VWO is trusted by large enterprises like AMD, Lenovo as well as financial institutions like Tinkoff Bank, Aussie, ICICI Bank for their conversion optimization requirements.

VWO is committed to transparency and the choice of users to opt out of getting tracked by VWO. However, please be assured that VWO never tracks your personal data or information. Please check our privacy policy to understand our data policy in detail.

  1. To opt out of VWO tracking, go to the opt-out page.
  2. To opt out of all VWO tracking, click Disable VWO.  Next, VWO creates a cookie in your current browser settings to identify and stop tracking your visits.
  3. To opt for VWO tracking, visit the page, and then click Enable VWO.

ATTENTION Please note that these settings are browser-specific and the opt-out will be effective in the current browser you are using. Your visits will continue to be tracked on other browsers or even in the incognito mode. 

Opt Out of Website tracking

  • For website visitors: Enter the URL of the website you do not want to be tracked. and click Generate Opt Out Link. Then, click on the generated opt-out link to exclude yourself from any VWO tracking.
  • For website owners: Enter the URL of the website you do not want to be tracked. and click Generate Opt Out Link. Share the generated link with your visitors who want to opt-out from VWO.

Opt Out of Mobile App Tracking

  • For app users: Contact your application owner/developer to opt out of VWO.
  • For iOS app owners:
    1. Call the opt-out method to opt-out using [VWO setOptOut:YES];
    2. To opt-in again, call the method using [VWO setOptOut:NO];
  • For Android app owners:
    1. Call the opt-out method to opt-out using VWO.setOptOut(true);
    2. To opt-in again, call the method using VWO.setOptOut(false);

We host VWO with SoftLayer, one of the most reliable hosting service providers.  We have consistently achieved 99.7% uptime and you can view our server reports. The static JavaScript files are hosted on Amazon S3 and have a failover strategy that guarantees zero downtime. Our innovative strategy ensures that your website does not slow down even for a minute.

We currently handle over a billion requests per day and are confident that we can handle another billion. We have special provisions for high traffic testing. Helping us to provide you with the best-in-class services, VWO has its servers currently located in the following countries: Japan; Australia; Singapore; Netherlands; United Kingdom; France; Germany; and West, East, and Central United States.

Deploying the multiple server architecture ensures that VWO is:

  • Scalable: As our customer base grows, we’ll keep adding more servers to any particular geographies in the world.
  • Failsafe: If any server goes down, the traffic is automatically redirected to the next nearest server.
  • Our Geo-targeting feature uses the content distribution network where different servers across the world remain in sync to serve dynamic content based on the originating URL and behavior of the visitor.

At present, we handle upto 20–25k requests per second. Let us know the scale that you are looking for, and we assure you that we will be able to handle it. We would love to understand your requirements if you have your website traffic higher than 100,000 visits per day or else simply sign up here and we will ensure you get the best out of VWO. You can check for the uptime status of the service anytime here.

Contact Us / Login