Posted on: 2014-05-01
Last updated: 2018-05-01
For us, the security and privacy concerns of the millions of users who have trusted SurveyLegend are a huge priority. SurveyLegend uses some of the newest and most advanced technologies for Internet security that are applicable today. We want to be transparent about our security and practices, to assure you that your data is appropriately safe and secured with us. We aim to make sure that user data is kept securely, and that we gather only as much personal data/information as is needed to provide our services to our users in a secure, efficient, fast and effective way.
Additionally, we comply with the GDPR regulations, which aim to protect personal and sensitive information. Read detailed information about our GDPR compliance here.
Preventing unauthorized access (in the physical sense) to premises and facilities where data is processed
As explained in this page, we store and process data using technologies provided by DigitalOcean and Google. Here you can read about their ways of protecting their data centers: DigitalOcean’s security and Google Cloud Services’ security.
Also as explained in this page, our online payments are handled by Stripe, and here you can read about Stripe’s security.
Preventing unauthorized access to our IT systems
We use password procedures (including highly complex passwords with special characters, and regular change of passwords). We also use two-step authentication for our accounts at DigitalOcean, Stripe, and Google.
Additionally, for our own administrator dashboard, we not only use complex passwords and usernames, but have also incorporated multiple authentication layers to prevent unauthorized access.
Preventing unauthorized access to user accounts
The SurveyLegend tool uses Firebase SimpleLogin for user authentication and Firebase for storage. User data for SurveyLegend is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. The SurveyLegend website (only the informational part of the website, not the SurveyLegend web app) is based on WordPress and uses all security features provided by WordPress. WordPress is updated continuously to ensure the security of our users.
Preventing unauthorized access to data
On our website we have differentiated access rights (profiles, roles), as well as access reports and logging. Our admins do not share accounts, and each has a unique user ID. Our employees all use only the latest Apple devices for design and development. They are required to have password-protected logins on their devices, and to use Apple’s FileVault technology to encrypt their hard disks.
Preventing disclosure of personal data
We use encrypted transfer (sFTP, TLS). All communications with the SurveyLegend.com website, app, and surveys are sent over TLS connections. Our Transport Layer Security (TLS) protocol protects communications by using both server authentication and data encryption. TLS allows sensitive information such as credit card numbers, personal information, and login credentials to be transmitted securely. So, even if an attacker is able to intercept all data being sent between your browser and our servers, they cannot see or use that encrypted information. We use very strong TLS encryption for all data transfer on our website, app and all our surveys.
Additionally, our firewall restricts access to all ports except 80 (http) and 443 (https).
Keeping our code up-to-date and secure
We also always apply the latest security patches for all open-source libraries, as well as all purchased libraries, apps, add-ons, or 3rd party services that we use, be it on our website, app, or development and design programs. Additionally, the latest security patches are applied to all operating systems on our servers regularly. We code in JavaScript and PHP, and our servers run nginx, MySQL and CouchDB on Ubuntu Linux.
Also, our engineers use the best routines, industry standards, and secure coding guidelines to write secure code.
Management of Security Breaches
Unfortunately, nobody is truly and completely safe from hackers. Although we do our best to protect your personal information, we cannot guarantee security. No Internet transmission can ever be guaranteed 100% secure, and so we encourage you to take care when disclosing personal information online and to use readily available tools, such as Internet firewalls, the latest web browsers, secure e-mail and similar technologies to protect yourself online.
If SurveyLegend learns of a security breach, we will notify involved users so that they can take appropriate measures. Our breach notification processes are consistent with our obligations according to Swedish law and other mandatory foreign acts, as well as any industry acts or standards that we comply with. Notification processes include email notices or posting a notice on our company blog if a breach happens. We take immediate technical action to remove any security vulnerabilities that occasionally arise, right after we discover them.
Some of Your Responsibilities
Make sure to maintain the security of your account by using sufficiently complex passwords and storing them safely. Make sure that you have enough security on your own systems to keep any survey data you download to your own computer away from intrusive individuals who should not have access to your data.