We have comprehensive policies for how we handle security across the organization. They apply to all systems, people and processes that constitute the organization's information systems, including board members, employees, suppliers, and other third parties with access to our systems.

Our core products are primarily a client-side JavaScript library and do not perform any data processing of personal data unless included in the optional export module where we have a disclaimer. Please see our documentation for further explanation.

Since Highcharts is a client-side library, we do not consider penetration testing relevant. However, we have done vulnerability testing with Checkmarx, focusing in particular on XSS exploitation. In addition to this testing, our CI test suite is set up with the examples from the OWASP XSS Filter Evasion Cheat Sheet.


Extending our core products, Highcharts may also refer to files on other web servers, or send chart configurations across the web. Such instances, and how to deal with them, are covered in our General Documentation.

The data collected about website visitors, users and customers, as well as why and how we use this data, are described in our Privacy Policy and Cookie Policy (available in the footer on all pages).