Cyber Security

We greatly appreciate the trust you place in us and in our product. Making Survio secure is our standard. Here's how we do it.

  • GDPR compliant
  • ISO certification
  • OV SSL certificate

Immediate protection of all data processed in the Survio application has the highest priority, which is why we constantly strive to apply measures leading to maximum security and integrity. At the same time, we provide transparent information regarding all security processes that we follow in these respects. Survio thus fully meets the strictest EU standards, see the Data Processing Agreement.

ISO 27001:2013 certification

Survio is accredited according to the ISO 27001 standard. This standard requires a systematic examination of all risks related to information security. We regularly update our information security policies to reduce the risk. The certification verifies that we follow international best practices for information security and that all information about our clients is safe. This proves to our customers that we take the security of their data very seriously.

Protection of personal data in accordance with the GDPR

The processing and handling of stored personal data (including responses) complies with the strict rules imposed by the GDPR and European legislation (regulations and directives of the European Parliament, the EU Commission and the Council of Europe). As part of meeting the conditions of the GDPR directive, we have decided to voluntarily apply the strictest rules that exist throughout the EU, as given by the German version. See our Privacy Policy for more information.

OV SSL certificate

Every survey created in Survio is protected by a security certificate. Communication between the user's device and Survio, the creation of a survey and individual answers from respondents are all encrypted by an internationally recognized SSL certificate with extended validation, the so-called Organization Validated SSL certificate. This certificate was issued to us by the international authority DigiCert (formerly Symantec), which verifies the identities of certificate owners. It is therefore not possible to fake the certificate and issue it on behalf of Survio without our knowledge. The certificate is of such high quality that DigiCert insures the certificate we use for 1.5 million USD against being broken.

Privacy Shield Framework

The exchange of personal data between the European Union, the United States of America and Switzerland is subject to the data security and protection rules that Survio s.r.o. has undertaken to comply with under the Privacy Shield Framework set of regulations, which replaced the original Safe Harbor Framework. See the Privacy Shield website for more information.

Survio account security

All accounts in Survio are secured against theft or any unwanted manipulation. We strictly verify all requests as to whether they actually come from account holders. Thus, it is not possible to steal an account in Survio if the user observes the basic security rules.

Data access by Survio

Only the user, as the owner of the account, may handle data related to that specific account. A regular employee of Survio s.r.o. does not have access to user accounts or their data. Only authorized developers of Survio s.r.o. enter the system database. They are properly trained in the field of data security and protection, are subject to strict security rules precisely set in the company's internal processes, and have signed an NDA. These people never work with user data, but focus exclusively on the functionality of the Survio system.

Data storage and backup

The created surveys and received answers are stored on the Microsoft Azure Cloud. Microsoft Azure Cloud also holds ISO 27000 certification, as well as SOC1 and SOC2 (US equivalent of ISO 27001). Some data is also stored on our servers located in the Czech Republic. Data is backed up regularly every day. Even during these transmissions, all data is encrypted.

Sender Policy Framework

The Sender Policy Framework method used by Survio serves to verify e-mail addresses. It is designed to detect forgery of senders’ addresses during e-mail delivery.

Payment security

All payments for the use of premium accounts and Survio application services are made exclusively through our partner cleverbridge AG, which meets the strictest rules for payment transactions. Specifically, these are:

  • PCI DSS Level 1

    (Payment Card Industry Data Security Standard) - currently the highest standard for securing on-line payments.

  • TLS

    (Transport Layer Security) - sales and data transfer security that ensures that all information between your computer and Cleverbridge is encrypted and secured.

  • McAfee Secure

    Cleverbridge has a security certificate from the internationally known McAfee antivirus program.

  • TRUSTe

    A security award for the Cleverbridge payment system from an international authority in the Cloud Data Privacy Program Requirements.

  • ISAE 3402 Type II

    Inspection and tests of operational procedures by a leading independent auditor.

  • Revised Payment Services Directive (PSD2)

    Survio s.r.o. meets all the rules under this amended directive, in connection with increased security of customers and non-cash payments made by these customers within the EU.

All on-line transactions are secured by state-of-the-art encryption layers and tests are regularly performed on the effectiveness of mechanisms to protect the confidentiality, authenticity and integrity of payment transaction information. Survio s.r.o. complies with the protection of personal data in the payment system subject to the rules of the GDPR and implements certified procedures for resolving incidents.

Incident management and problem solving

For unexpected events, Survio s.r.o. has compiled a set of procedures on the basis of which the situation is investigated, the method of solution is determined, notifications are sent to all users in accordance with valid legal regulations, and the functionality of the system is restored.

  • System failure

    For these cases, Survio s.r.o. has established proven procedures that lead to an immediate solution to any problem on a 24/7/365 basis. Thanks to regular backups and synchronization, data can be restored from a backup.

  • Login issues

    In situations such as a forgotten password, the Survio application prompts the user to enter a registration e-mail to which it will send a message with a password recovery link. No further information is required in this regard.

  • Problems in the application

    If the user encounters any problem in creating the survey, its settings, distribution, analysis of results, etc., Survio has a Help center, clearly arranged in descriptive articles, which can be used to solve the problem step by step. There are two ways to consult customer support: send an e-mail to support@survio.com or create a specific request.

Survio s.r.o. takes care to keep its users as aware as possible in relation to the protection and security of their accounts.
