Our infrastructure

Our platform is secure, fast and reliable. That way you can concentrate on research while we take care of the technical stuff.

Reliable

Our SaaS platform is hosted in multiple datacenters on multiple continents. We use redundant hardware and load balancing to deliver unmatched up-time and performance.

Secure

All data is stored in Class A datacenters with extensive physical security. We receive regular security audits. We adhere to security best practice. We were the first survey tool with Two Step Verification.

Smart backup

All data is synchronized between our datacenters in real-time, with multiple copies being stored on multiple machines on multiple hard drives. Data loss is not an option.

Fast

Our load balanced, multi datacenter infrastructure is tuned for speed. Our software is stateless, service based, has a small footprint and makes significant use of a CDN to ensure that you and your respondents never have to wait.

Where is my data stored?

As an enterprise survey platform, we let you choose where your data is stored. Want your data stored in the US, in Asia, Canada or only inside the EU? It is up to you!

HIPAA, GDPR and CCPA compliance

As an enterprise level platform serving government, health care and financial clients, privacy and security compliance is a must. Because of the markets that we serve, we have put a lot of effort over the last 19 years into our compliance with the major privacy and security regulations.

These efforts are built upon three pillars:

  1. Administrative Safeguards
    These have to do with the policies and procedures we have in place to ensure the proper employee management, training and oversight for staff that come into contact or manage personally identifiable information (PII) and protected health information (PHI). It includes providing tools to our clients to manage and limit the access to PII and PHI to certain user roles and specific users within their own accounts. It also includes having agreements in place with service providers that perform covered functions. These agreements, called sub-processor agreements and Business Associate Agreements (BAAs) ensure that these service providers (Business Associates) process and safeguard PII and PHI in a secure and compliant manner.
  2. Technical Safeguards
    They include things like encryption at rest and in transit, firewalls, logging, encrypted data storage, business continuity, fine-grained data retention rules controlled by our clients and more.
  3. Physical Safeguards
    These include the use of multiple class A data centers, data redundancy, data region isolation, access to servers and more.

These pillars are covered extensively in our Data Processing Agreement.

Certificates of our hosting environment

  • PCI DSS Level 1
    We run our applications on PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud.
  • SOC 1/SSAE 16/ISAE 3402 (formerly SAS 70 Type II)
    The SOC 1 report audit attests to control objectives which are appropriately designed and that the individual controls defined to safeguard customer data are operating effectively.
  • ISO 27001
    ISO 27001/27002 is a widely-adopted global security standard that sets out requirements and best practices for a systematic approach to managing company and customer information that’s based on periodic risk assessments.
  • FISMA Moderate
    FISMA requires federal agencies to develop, document, and implement an information security system for its data and infrastructure based on the National Institute of Standards and Technology Special Publication 800-53, Revision 3 standard.
  • FIPS 140-2
    The Federal Information Processing Standard (FIPS) Publication 140-2 is a US government security standard that specifies the security requirements for cryptographic modules protecting sensitive information.