Application & infrastructure security
It is our top priority to make you feel confident about sharing your data with Survicate. As a third-party service provider, we have taken strict security measures to ensure Survicate is reliable and safe to use. We treat the security and integrity of your data with the utmost importance.
The article below outlines security measures we have taken thus far as well as the technologies and processes we currently use to safeguard your data.
We strive to provide our customers with solutions that help them safeguard their accounts against data breaches and unwarranted interference.
At Survicate, credit card data security is of crucial importance. For that reason, we use Braintree to securely handle credit card information. We use Recurly to manage the customer's subscription and billing information. Both Braintree and Recurly are Validated Level 1 PCI DSS Compliant Service Providers.
User roles management
Survicate segments the Survicate Panel into different areas of access for maximum user control. There are four roles in Survicate, each serving a different purpose. You can be either an organization owner, workspace administrator, user or guest. Users will not be able to see or access navigation menu items or pages they do not have access to.
Two-factor authentication (2FA)
To add an additional layer of security to your Survicate account, you can turn on two-factor authentication (2FA). We highly recommend enabling two-factor authentication, which has become a standard method of authentication across the internet, to protect yourself against unauthorized access.
Single Sign-On (SSO)
SAML single sign-on gives users a centralized and secure way of controlling access to their organizations. Survicate supports SSO via the SAML 2.0 standard. We have dedicated tutorials for Okta and OneLogin, but it’s also possible to integrate with other providers as long as they support SAML 2.0.
Survicate is hosted on the AWS cloud in Ireland.
Your data, including respondents' details and survey responses, is secure both at rest and in transit.
We use HTTPS to protect your data in transit. Our TLS/SSL setup follows the latest recommendations.
Our databases and file stores are encrypted. We use AWS KMS, a secure and resilient service that protects our encryption keys with hardware security modules that have been validated under FIPS 140-2 or are in the process of being validated.
We store our backups in at least three regions located in Ireland. As a part of our Disaster Recovery Plan, we've also implemented a process for off-site backups on removable disks. Our backup media is stored in a protected facility separate from our other facilities to mitigate the impact of a disaster.
We have a fixed backup cycle, and we regularly test backups to ensure they work as expected.
All backups, including off-site backups, are encrypted.
Network and server security
To protect your data, we've divided our system. Development and testing environments are isolated from the production environment. Our databases and servers are securely configured within private subnets, and access to them is restricted.
All public traffic is distributed through load balancers and firewalls. Our high-availability architecture implements redundancy, monitoring, and failover so that all systems keep working properly even if a single component fails.
All workstations given to our personnel are configured in such a way as to comply with the highest standards of security.
We have antimalware, firewall and device control software installed on all our workstations.
We have full-disk encryption in place for our laptop fleet. We do not allow access to corporate information from unencrypted devices such as mobile phones or tablets.
Monitoring, logging, and alerting
We have comprehensive logging, including security events, in place for all the relevant services. We regularly review the logs and retain event logs for at least one year should we need to investigate a security incident.