Did you know?
63% of people consider a company's privacy and security history before using their products or services.
You own the data in your account.
We safeguard respondent email addresses.
This depends on how you configure the survey, form, application or questionnaire. Click here to read more about respondent anonymity.
Respondent Information Requests.
SurveyMonkey does not handle respondent information requests such as access requests / right to be forgotten requests etc with respect to the data which you control in your account. We will always direct a Respondent back to you when we receive these requests and we have established processes to provide you with reasonable assistance for these requests as needed.
You control how long data remains in your account. Once you delete data from your account it only exists in back-ups within our service for a limited period of no more than 12 months. After this time the data is permanently deleted. Any data we retain beyond this is non personal /aggregated and anonymous data related to the operation of our services which we use only to help us build new products and improve our existing services.
We offer all our customers our standard Data Processing Agreement with Standard Contractual Clauses (SCCs) and SurveyMonkey Inc is Privacy Shield certified.
Security highlights for:
- Access Control (Authentication and Authorization)
- Continuous Network and Security Monitoring
- SOC 2 accredited Data Centers for survey data and AWS cloud storage for other services.
- Vulnerability Management
- Incident Response and Recovery
- Security Awareness Training
- Periodic Independent 3rd Party security reviews and penetration testing
- PCI DSS Compliant (SurveyMonkey/SurveyMonkey Apply and Wufoo services)
- HIPAA Compliant (SurveyMonkey surveys)
Data storage: We have multiple data centers to guarantee a secure and highly available service at scale.
Our Security team has drafted a Security White Paper containing more granular detail for our SurveyMonkey Enterprise customers. Please contact us if you would like to receive a copy. We are also in the process of seeking ISO 27001 certification as part of our security program for certain aspects of our business and will be providing updates as this progresses.