At Survicate, we have implemented security measures and policies to make sure your data is stored in the best manner.
In this article, you'll learn:
what data we store;
what legal documents and programs are available;
how to transfer ownership or delete your account.
💡Read on to find out answers to the most frequently asked questions about security.
How to change ownership
1. To change the organization owner, please go to Organization Settings > General and, under Organization owner, please click Transfer ownership.
2. In the pop-up window, you can select the new owner. You can choose only the person that is a teammate in your organization.
If you want to transfer ownership to someone who doesn't have an account, you need to send an invitation in order to add a new teammate to your organization.
3. You will need to confirm you're authorized to transfer account ownership by entering the code we sent to your email address.
Please note that to change the organization name or transfer ownership, you need to be the owner of the organization. If the current organization owner has left the company or is unable to reassign ownership, please reach out to us on chat 👉.
How to delete an account
To delete your account, please reach us at email@example.com with the email you've used to register for the account or strike up a chat conversation, and we'll delete your account.
If you are the account owner, by deleting your account, you acknowledge that all the surveys and answers stored in your account will also be deleted.
Statement of Work, Custom Data Processing Agreement, and Service Level Agreement can be signed on the Scale plan.
Please visit our Pricing page for more information.
What respondent data we store
Scope of data related to respondents processed by the Survicate:
Visitor attributes passed using traits or survey URLs,
email address in link surveys (sending through client’s e-mail),
operating system version, device type,
whereby, in the scope of Visitor ID and Visitor attributes passed using traits or survey URLs, the data is stored in Local Storage.
A separate category is the data included in the answers to the survey questions. A wide variety of data can be found here, depending on the questions asked in the surveys. Survicate does not read / analyze the answers to surveys’ questions, unless technical problem solving.
Survicate uses geographic location based on IP address. Survicate does not collect precise GPS co-ordinate locations. We just infer location from IP address. What is important, Survicate does not store this information, i.e. it is processed live for the purposes of technical delivery of the service.
Respondents’ IP can be used for Firewall purposes (functionality of permanently blocking connections from specific IP addresses and integrating user identity management).
Where we store data
Survicate is hosted on the AWS cloud in Ireland.
You can read more about Infrastructure security in this article
AWS report (SOC reports for your AWS compliance program)
ℹ️ AWS Compliance Programs such as ISO 27001 or SOC 2 ensure the security of our infrastructure.
Survicate does not use respondent cookies when storing information about respondents for the purpose of providing services. All data we need to communicate with our database is stored within Local Storage and Session Storage of an active browser.
We use Local Storage to store:
- Visitor ID
- Visitor attributes passed using traits or survey URL. Be noted that visitor attributes are optional, and you decide what and if any additional data is stored.
- Survey status (displayed and answered surveys)
- Survey responses given by specific respondent queued to be sent to Survicate (deleted after the answer is sent)
Please note that we do store cookies about visitors on our marketing survicate.com website.
Do you need consent from your respondents to collect and store their data
Data processing does have some kind of interference in the sphere of privacy, very small and insignificant, but it does.
It works the same for mobile applications and websites.
The small interference mentioned above is mostly related to the IP, which according to court jurisdictions among EU might be, in some occurrences, perceived as personal data. This means that the processing of IP is an interference in the sphere of privacy and be treated as personal data processing.
The legal basis for data processing in relation to IP may be consent or another legal basis (e.g. legitimate interest, performance of a contract).
It's up to you to decide if you should add a disclaimer or ask for consent from your respondents to collect and store their data or base processing on legitimate interest.
Do we share data with any third parties
No, we do not.
In this article, you can read who can access your survey results.
In the event of a breach of Survicate, how will incident handling and informing of clients be done
You can report security incidents to the email address: firstname.lastname@example.org.
If we obtain information or learn that account data has been disclosed and thus your control over them has been violated, we will inform you without undue delay and, where feasible, not later than 36 hours after having become aware of it.
If you find out that unauthorized access to account data has taken place, please contact us in accordance with the point above.
In the event of an occurrence or incident involving account data, We will ask you to give us a consent to inspect your account, view full log history and provide information to relevant authorized bodies that request such data.
In the event of a personal data breach concerning data processed by the Survicate, we will assist you:
(a) in notifying the personal data breach to the competent supervisory authority/ies;
(b) in obtaining the following information:
(i) the nature of the personal data including where possible, the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
(ii) the likely consequences of the personal data breach;
(iii) the measures taken or proposed to be taken to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.
In the event that the Survicate account has been compromised, what are the steps needed to be taken by users
Inform Survicate to the email address. email@example.com about the suspected compromise and ask for their assistance.
Change your password. Make sure you choose a strong and unique password that is not easily guessable.
Enable two-factor authentication. This will add an extra layer of security to your account and make it more difficult for hackers to gain access.
Scan your device for malware. Run a malware scan on your device to check for any malicious software that may have been installed without your knowledge. Remove any threats that are detected.
Monitor your accounts: Keep a close eye on all of your accounts, not just your Sruvicate account, to ensure that there is no unusual activity. This includes your email, social media, and financial accounts.
Check our Legal & Security section to learn about Survicate's Application security, Infrastructure security, to find our policies, and many more.