Security Statement

Effective date: December 01, 2018

It is extremely important for us to protect your information and your customers ' information. We know you have questions about how we protect this information, so details about some frequently requested information about the information security of PaperSurvey are provided below.

Data Centers

We store our data and databases securely in DigitalOcean LLC datacenters in London, UK.

DigitalOcean datacenters are co-located in some of the most respected datacenter facility providers in the world. DigitalOcean leverages all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry.

Development

Our development team uses secure coding techniques and best practices focused on the top ten OWASP. Developers are formally trained in secure web application development methods.

Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.

Encryption

We encrypt your data in transit using secure TLS cryptographic protocols. The data is also encrypted at rest.

Breach Notification

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if PaperSurvey learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.

Logging and monitoring

Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.

Backups

Automatic database backups are made several times a day. All backups are encrypted using a public-private key encryption and stored in multiple locations. Backups are stored for 6 months allowing to fully restore a system from any point of time.

Data removal

If you wish to stop using our the services, you may delete all your surveys from our platform.

By deleting a survey you are also removing all the uploaded files stored in our filesystems. We will still keep an encrypted database backup for 6 months until it is automatically removed.