Rewind's Security Portal

We’re pleased to share that Rewind is now ISO/IEC 27001:2022 certified.

Our certificate dated June 11, 2025 is available to view or download on the Rewind Trust Center.

Rewind has completed its latest audit for SOC 2 compliance.

The newly released SOC 2 Type 2 report, dated May 15, 2025, covers the 12-month monitoring period ending on March 31, 2025.

Documentation, including our SOC 3 report, is now available in Rewind's Trust Center.

Rewind has just completed our latest audit for SOC 2 compliance!

This new SOC 2 Type 2 report dated June 6 2024, is for the 12-month monitoring period ending in March 31 2024.

Documentation, including our SOC 3 report, is now available in our Trust Center.

This is an automatic notification to inform you of important updates to Rewind’s Data Processing Agreement (DPA), effective May 10, 2025.

As part of our ongoing commitment to transparency, compliance, and the security of your data, we’ve made the following changes:

1. Inclusion of CCPA-Specific Provisions We’ve added language to address the California Consumer Privacy Act (CCPA) and its amendments under the CPRA, aligning with service provider obligations.

2. Revised Security Annex Updates reflect current security practices, including enhanced descriptions of encryption, incident response, and audit procedures.

You can view the most recent version of Rewind’s DPA, posted on April 10, 2025 — check it out here.

If you have questions about privacy or data protection, contact us at privacy@rewind.com. For all other inquiries, please submit a request help@rewind.com.

Thank you for choosing Rewind.

Rewind conducts regular reviews of Rewind’s DPA to ensure it continues to meet our Customer’s requirements. We are notifying you that as part of this recent review, our DPA has been updated to reflect changes in data protection laws, to incorporate feedback from our Customer’s and to address minor grammatical spelling and punctuation issues. As per Section 10.3.1 of our DPA, the revised version will become effective 30 days after it is posted.

The updates and modifications to this DPA do not materially decrease the overall security and data protection provided by Rewind to our Customers. Please take some time to review the DPA, available at https://rewind.com/legal/dpa/. If you have any questions about the updates to this DPA, please contact us at privacy@rewind.com.

At Rewind, we are committed to transparency in how we manage your data. We have recently updated our Subprocessor List to reflect changes in the third-party services we use to support our products and operations.

Key Updates:

✅ New subprocessor categories for improved clarity, including Infrastructure & Security, General Operations, Employment, and Platform-Specific Subprocessors.

✅ Removal of Intercom as a subprocessor and the addition of Ada, FullStory, Microsoft Clarity, and Appcues.

✅ Enhanced descriptions of each subprocessor’s role and data usage to ensure compliance with GDPR, CCPA, and other regulations.

You can review the updated list here: https://rewind.com/legal/sub-processors/. If you have any questions or concerns, feel free to reach out to us at privacy@rewind.io.

Thank you for your trust in Rewind!

Rewind has recently updated our sub-processor list. Please visit https://rewind.com/legal/sub-processors/ to review any changes.

Rewind has recently updated our sub-processor list. Please visit https://rewind.com/legal/sub-processors/ to review any changes.

Rewind has recently updated our sub-processor list. Please visit https://rewind.com/legal/sub-processors/ to review any changes.