At Contentsquare (into which Heap and Hotjar have recently been incorporated), the security, confidentiality and availability of your data are of utmost importance to us. We have invested heavily in our security program, which is based on a Defense in Depth model. Our cybersecurity program aligns with the NIST Cybersecurity Framework, and our policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001 Framework. Contentsquare is ISO 27001, ISO 27017, ISO 27018 and ISO 27701 certified and holds a SOC 2 Type II report.
Contentsquare’s security program is managed by our chief information security officer (CISO). The CISO is supported by cybersecurity members who lead and manage DevSecOps, product security, security governance, third-party risk assurance and information technology risk.
Security Update regarding CVE-2025-55182 (React/Next.js)
Dear Customers,
Following recent reports regarding the critical vulnerability in React Server Components (CVE-2025-55182), we immediately conducted a comprehensive security assessment to determine if our systems were impacted.
We are writing to confirm the following:
- Impact Assessment: We have thoroughly audited all of our services that utilize React or Next.js. The majority of Contentsquare services do not rely on the vulnerable components. However, we identified that one internal service utilized a vulnerable version of Next.js. Upon the release of the CVE, we immediately took it offline until remediation is complete. We have found no evidence of exploit attempts, and no customer data was impacted.
- Security Status: After a full investigation, we have found no evidence of exploit attempts and confirmed that no customer data was impacted.
- Operational Status: All Contentsquare services are operating normally. We do not anticipate any service disruption related to this event.
If you have any questions or concerns, please reach out to our security team at security@contentsquare.com.
Sincerely,
The Contentsquare Security Team
Security Update regarding SHAI-HULUD v2 NPM packages
Dear Customers,
Following recent reports regarding the compromise of NPM packages (specifically the "SHAI-HULUD v2" campaign), we immediately conducted a comprehensive security assessment to determine if our systems were impacted.
We are writing to confirm the following:
- No Impact: We have thoroughly cross-referenced our codebase against the list of 800+ vulnerable dependencies. We have confirmed that we do not use any of the impacted package versions.
- Proactive Mitigation: To prevent inadvertent usage in the future, we have explicitly blocked these packages from being downloaded into our internal artifact repositories.
- Operational Status: All Contentsquare services are operating normally. We do not anticipate any service disruption related to this event.
If you have any questions or concerns, please reach out to our security team at security@contentsquare.com.
Sincerely,
The Contentsquare Security Team




