SurveyLegend and Security
For us, the security and privacy concerns of the millions of users who have trusted SurveyLegend are a huge priority. Therefore, we use some of today’s most up-to-date and advanced Internet security technologies. However, to assure you that your data is appropriately safe and secured with us, we want to be transparent about our practices. You can always see the latest information and terms related to the security of SurveyLegend on our Terms and Privacy page.
Security of survey creators
256-bit SSL/TLS Encryption
All communications with the SurveyLegend.com website are sent over 256-bit SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. SSL allows sensitive information such as credit card numbers, personal information, and login credentials to be transmitted securely. Normally, on other websites (NOT SurveyLegend), data sent between your browser and web servers is sent in plain text, which leaves you vulnerable. So, if an attacker is able to intercept all data being sent between your browser and a web server, they can see and use that information. But when a site has SSL encryption, no one can see the data being transmitted.
We use very strong 256-bit SSL encryption for all data transfer, both on our website and in all our surveys.
Extended Validation Certificate
We of course have secure, SSL-encrypted communication with you; however, to prove it, we have also obtained an Extended Validation (EV) Certificate. A legally recognised company can obtain an EV Certificate only if it is thoroughly investigated and certified by a valid EV Certificate issuer. It is a hard and time-consuming process, but it makes sure that everything is in order.
You can easily see which sites have a real EV Certificate by looking for the Extended Validation Trustbar Indicators, which appear in your browser’s address bar, just like the image above. Each browser shows the EV Certificate in a different way. However, a green box accompanied by a lock icon usually indicates this certificate. In addition, the “HTTPS” letters at the beginning of the address show that we are using SSL encryption.
No Heartbleed vulnerability
Some time ago, a security hole called Heartbleed was discovered in the OpenSSL cryptographic software library, and many websites were affected by it. This bug could make it possible for attackers to access data even if it was secured by the SSL/TLS encryption used to secure the Internet.
However, SurveyLegend has never been affected by this bug because we are always one step ahead! You can check the vulnerability of our website against Heartbleed here…
SurveyLegend makes it possible for you to export your data from our system in a variety of formats (for example Excel, CSV and more) so that you can back your data up, or use it with alternative applications. If you connect your account to your Gmail, or if you register using your Gmail account, you can export your data directly to Google Drive and reach and share it with anyone you trust, from anywhere. Just remember to protect your participants’ privacy, as it is your responsibility from here…!
The SurveyLegend tool uses Firebase SimpleLogin for user authentication and Firebase for storage. User data for SurveyLegend is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. The SurveyLegend website (only the informational part of the website, not the SurveyLegend web app) is based on WordPress and uses all security features provided by WordPress. WordPress is updated continuously to ensure the security of our users.
Our Privacy Terms
- Data Centers: User data is stored on Google Cloud servers and abides by the European Union (EU) data protection directive; read more here: Google Cloud Servers EU data protection directive. Backups are kept on our servers hosted by DigitalOcean in Amsterdam, Europe, abiding by European Union (EU) law.
- Data Center Security: For more information check the websites of Firebase and DigitalOcean.
- Uptime: Nonstop uptime tracking, with immediate escalation to SurveyLegend personnel for any downtime.
- Firewall: Firewall restricts access to all ports except 80 (http) and 443 (https).
- Patching: Latest security patches are added to all application files to mitigate newly discovered vulnerabilities. The latest security patches are also added to all operating systems.
- Backup Frequency: Backups take place hourly internally, and daily to a centralized backup system for storage in numerous geographically diverse sites.
Our Software Development Practices
- Stack: We code in JavaScript and PHP. Our servers run nginx, MySQL and CouchDB on Ubuntu Linux.
- Coding Practices: Our engineers (a.k.a. Legends) follow best practices and industry-standard secure coding guidelines to produce secure code.
When you pay for a paid subscription, you have to enter your payment information. But since this step of the payment is handled by either PayPal or ePay (based on your own choice), we will not be able to see or save your payment data. The only thing we can save is your payment preference. So, you can feel safe because nobody here can see the payment details, not even if someone logs in to your account.
100% Money Back Guarantee
To make you feel safer with your payments, we have a policy that lets you get a full refund if you are not pleased with your paid SurveyLegend account. To read more about this, please have a look at our Terms under the respective tab.
Management of Security Breaches
Despite our best efforts, no method of transmission over the Internet and no method of electronic storage is totally secure at this time; we cannot guarantee absolute security. If SurveyLegend learns of a security breach, we will notify the users involved so that they can take appropriate measures. Our breach notification processes are consistent with our obligations under Swedish law and other mandatory foreign acts, as well as any industry acts or standards that we comply with. Notification processes include email notices or posting a notice on our company blog if a breach happens. We take immediate action to technically remove any security vulnerabilities right after we discover them.
Some of Your Responsibilities
Make sure to maintain the security of your account by using sufficiently complex passwords and storing them safely. Make sure that you have enough security on your own systems to keep any survey data you download to your own computer away from individuals who should not have access to your data.
Security of survey participants
256-bit SSL/TLS Encryption
All survey responses are gathered over secured, encrypted 256-bit SSL/TLS connections, and all other communications with the SurveyLegend.com website are sent over SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to the intended recipient.
Keep in mind
Surveys are administered by account owners (survey creators). We gather the responses that you submit to the survey creator, and according to our Terms every survey creator (account owner) has agreed not to misuse the data you provide and not to violate your privacy rights.
So if you have questions about a survey you are taking, please reach out to the survey creator directly, who is usually the same person who asked you to respond to the survey. This is because SurveyLegend is not responsible for the content of surveys or your responses to them.
- Are your responses anonymous? This depends on the survey and how the survey creator has configured the survey. We recommend you contact them to find out.
- We don’t sell your responses to third parties. SurveyLegend only presents and saves the data for the survey creator, who controls your data.