Security

Your data security is our highest priority

Our Security Commitment

At SurveyMint, we understand that the security of your data is paramount. We implement industry-leading security measures to protect your information and maintain the trust you place in us. Our security program is comprehensive, regularly audited, and continuously improved.

SOC 2 Type II Certified

Independently audited and certified for security, availability, and confidentiality.

ISO 27001 Compliant

Our information security management system meets international standards.

Data Encryption

Encryption in Transit

All data transmitted between your device and our servers is encrypted using:

  • TLS 1.3 (Transport Layer Security)
  • Perfect Forward Secrecy (PFS)
  • 256-bit encryption keys
  • HSTS (HTTP Strict Transport Security) enabled

Encryption at Rest

All stored data is encrypted using:

  • AES-256 encryption for databases
  • Encrypted file storage
  • Encrypted backups
  • Separate encryption keys per tenant

Authentication & Access Control

Secure Authentication

  • Password hashing using bcrypt with adaptive cost factor
  • Secure session management
  • Automatic session expiration
  • Protection against brute-force attacks
  • Account lockout after failed attempts

Role-Based Access Control (RBAC)

  • Access granted on the principle of least privilege
  • Fine-grained permission controls
  • Regular access reviews
  • Audit logging of all access attempts

Infrastructure Security

Cloud Infrastructure

We use industry-leading cloud providers (AWS/Google Cloud) with SOC 2 Type II certification, ensuring enterprise-grade security and reliability.

Network Security

  • Firewalls and intrusion detection systems
  • DDoS protection
  • Network segmentation
  • Regular penetration testing

Database Security

  • Encrypted connections
  • Automated backups
  • Point-in-time recovery
  • Database activity monitoring

Application Security

Our application security measures include:

  • Secure coding practices following OWASP guidelines
  • Regular security code reviews
  • Automated vulnerability scanning
  • Dependency scanning and updates
  • Input validation and sanitization
  • Protection against SQL injection, XSS, and CSRF attacks
  • Content Security Policy (CSP) implementation
  • Regular third-party security audits

Monitoring & Incident Response

24/7 Security Monitoring

  • Real-time threat detection
  • Automated security alerts
  • Comprehensive logging and audit trails
  • Anomaly detection systems

Incident Response Plan

We maintain a comprehensive incident response plan that includes:

  • Dedicated security team on standby
  • Defined escalation procedures
  • Rapid containment protocols
  • Transparent communication with affected users
  • Post-incident analysis and improvements

Employee Security

  • Background checks for all employees
  • Regular security awareness training
  • Strict access controls and monitoring
  • Confidentiality agreements
  • Secure equipment and workstation policies
  • Immediate access revocation upon departure

Compliance & Certifications

GDPR Compliant

Full compliance with EU data protection regulations

CCPA Compliant

California Consumer Privacy Act compliance

SOC 2 Type II

Independently audited security controls

ISO 27001

Information security management certified

Data Backup & Recovery

  • Automated daily backups
  • Encrypted backup storage
  • Geographically distributed backup locations
  • Regular backup testing and restoration drills
  • 99.9% uptime SLA
  • Disaster recovery plan with RTO/RPO targets

Best Practices for Users

Help Us Keep Your Account Secure

  • Use a strong, unique password
  • Never share your password or login credentials
  • Log out from shared devices
  • Keep your contact information up to date
  • Report suspicious activity immediately
  • Review your account activity regularly

Responsible Disclosure

We welcome security researchers to help us maintain the security of our platform. If you discover a security vulnerability, please:

  • Email us at security@surveymint.io
  • Provide detailed information about the vulnerability
  • Give us reasonable time to address the issue before public disclosure
  • Do not access or modify user data without permission

We commit to acknowledging your report within 48 hours and will keep you updated on our progress.

Contact Our Security Team

For security-related questions or concerns, please contact:

Security Team: security@surveymint.io

General Support: hi@surveymint.io

Response Time: Critical issues within 1 hour, all others within 24 hours