SurveyLegend and Security
For us, security and privacy concerns of millions of users who have trusted in SurveyLegend is a huge priority. Therefore, we use some of today’s most up-to-date and most advanced technologies for Internet Security. However, to assure you that your data is appropriately safe and secured with us, we want to be transparent about our practices. You can always see the latest information and terms related to security of SurveyLegend at our Terms and Privacy page.
Security of creators
TLS v1.2 Encryption
All communications with the SurveyLegend.com website are sent overhighly secured connections. Our Transport Layer Security (TLS) protocol protect communications by using both server authentication and data encryption. TLS allows sensitive information such as credit card numbers, personal information, and login credentials to be transmitted securely.
When surfing most websites (NOT SurveyLegend), data sent between your browsers and web servers is sent in plain text, which leaves you vulnerable in many ways. So, if an attacker is able to intercept all data being sent between your browser and a web server they can see and use that information. But when a site has the TLS encryption, no one can see the data being transmitted.
We use a very strong TLS encryption for all data transfer both on our website, app and all surveys created with using our platform.
Extended Validation Certificate
We have of course a secure SSL encrypted communication with you, however, to proof it we have also achieved an Extended Validation Certificate (EV). A legally recognised company can achieve an EV Certificate, only if it is entirely investigated and certified by a valid EV Certificate issuer company. It is a hard and time consuming process, but it makes sure that everything is in order.
You can easily see which site has a real EV Certificate, by seeing their Extended Validation Trustbar Indicators, which appears in your browser’s address bar, just like the image above. Each browser shows the EV Certificated in a different way. However, usually a green box accompanied with a lock icon shows this certificate. In addition, the “HTTPS” letters in the beginning of the address shows that we are using SSL Encryption.
Data Portability
SurveyLegend makes it possible for you to export your data from our system in a diversity of formats (for example Excel, CSV and more) so that you can back your data up, or use it with alternative applications. If you connect your account to your Gmail, or if you register using your Gmail account, you can Export your data directly to GoogleDrive and reach and share it with anyone you trust, from anywhere. Just remember to protect your participants’ privacy, as it is your responsibility from here…!
User Authentication
SurveyLegend tool uses Firebase SimpleLogin for user authentication and Firebase for storage. User data for SurveyLegend is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on. The SurveyLegend website (only the informational part of the website, not the SurveyLegend web app) is based on WordPress and uses all security features provided by WordPress. WordPress is updated continuously to ensure the security of our users.
Our Privacy Terms
We have a broad and strict Privacy Policy that gives a very translucent view of how we handle your data, including how and who we share the data with, how we use your data, and for how long we keep it. Click on the Privacy Policy tab above, to read more.
GDPR Compliance
At SurveyLegend, trust is our number 1 value, and protection of our customers’ data is paramount. We’ve built an online survey solution with respect to your and your respondent’s privacy and security. Read more about our GDPR Compliance here….
Security Technicalities
Physical Security
- Data Centers: User data is processed through Google Cloud servers that abide by the European Union (EU) data protection directive, read more here Google Cloud Servers EU data protection directive. All data is hosted and stored on our servers hosted by DigitalOcean in Europ, Frankfurt Germany, abiding by the European Union (EU) law.
- Data Center Security: For more information check the websites of Firebase and DigitalOcean.
Network Security
- Uptime: Nonstop uptime tracking, with immediate intensification to SurveyLegend personnel for any downtime.
- Firewall: Firewall restricts access to all ports except 80 (http) and 443 (https).
- Patching: Latest security patches are added to all application files to mitigate newly discovered vulnerabilities. The latest security patches are also added to all operating systems.
Storage Security
- Backup Frequency: Backups takes place hourly internally, and daily to a centralized backup system for storage in Frankfurt Germany.
Our Software Development Practices
- Stack: We code in Javscript and PHP. Our servers run nginix, MySQL and CouchDB on Ubuntu Linux..
- Coding Practices: Our engineers (A.K.A Legends) use best routines and industry-standard secure coding guidelines to provide secure coding.
Secured Payments
When you pay for a payed subscription, you have to enter your payment information. This step of the payment is handled either by PayPal or Stripe (credit cards). This is based on your own preferred payment method that you manually choose in the checkout page. We will not be able to “see” or “save” your payment data, since the payment is processed by Stripe or PayPal. The only thing we can save is your payment preference. So, you can feel safe because nobody here can see the payment details, not even if someone logs in to your account.
100% Money Back Guarantee
To make you feel more safe with your payments, we have a policy that lets you get a full refund if you are not pleased with you payed SurveyLegend account. To read more about this, please have a look at our Terms under respective tab.
Management of Security Breaches
Even though our best efforts, no practice of transmission over the Internet and no practice of electronic storage is totally secure at the time; we cannot guarantee absolute security. If SurveyLegend learns of a security breach, we will notify involved users so that they can take appropriate measures. Our breach notification processes are consistent with our obligations according to Swedish law and other mandatory foreign acts, as well as any industry acts or standards that we comply to. Notification processes include email notices or posting a notice on our company blog if a breach happens. We take immediate action to technically remove any occasional security vulnerabilities, right after we discover them.
Some of Your Responsibilities
Make sure to maintain the security of your account by using amply complicated passwords and storing them safely. Make sure that you have enough security on your own systems; to keep any survey data you download to your own computer away from intrusive individuals that should not have access to your data.
Security of respondents
TLS v1.2 Encryption
All communications with the SurveyLegend.com website are sent overhighly secured connections. Our Transport Layer Security (TLS) protocol protect communications by using both server authentication and data encryption. TLS allows sensitive information such your responses to a questionnaire, personal information, and uploaded files to be transmitted securely to the creator of the questionnaire.
We use a very strong TLS encryption for all data transfer both on our website, app and all surveys created with using our platform.
Keep in mind
Surveys are administered by account owners (survey creators). We gather the responses that you submit to the survey creator, and according to our Terms every survey creator (account owner) has agreed not to misuse the data you provide and not to violate your privacy rights.
So If you wonder about a survey you are taking, please reach out to the survey creator directly; which is usually the same person who asks you to respond to his/her survey. This is because SurveyLegend is not responsible for the content of surveys or your responses to it.
- Are your responses anonymous? This depends on the survey and how the survey creator has configured the survey. We recommend you contact them to find out.
- We don’t sell your responses to third parties. SurveyLegend only presents and saves the data for the survey creator, who controls your data.
No Heartbleed vulnerability
Some time ago, a security hole called Heartbleed, was discovered in the OpenSSL cryptographic software library, and many website were affected by it. This bug could make it possible for attackers to access the data, even if the data was secured by SSL/TLS encryption used to secure the Internet.
However, SurveyLegend has never been affected by this bug because we are always one step ahead! You can check the vulnerability of our website agains Heartbleed here…