Effective date: January 14, 2021
It is extremely important for us to protect your information and your customers ' information. We know you have questions about how we protect this information, so details about some frequently requested information about the information security of PaperSurvey are provided below.
We store our data and databases securely in DigitalOcean LLC datacenters in Amsterdam, Netherlands.
DigitalOcean datacenters are co-located in some of the most respected datacenter facility providers in the world. DigitalOcean leverages all of the capabilities of these providers including physical security and environmental controls to secure our infrastructure from physical threat or impact. Each site is staffed 24/7/365 with on-site physical security to protect against unauthorized entry.
Our development team uses secure coding techniques and best practices focused on the top ten OWASP. Developers are formally trained in secure web application development methods.
Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
We encrypt your data in transit using secure TLS v1.2 cryptographic protocols. The data is also encrypted at rest.
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if PaperSurvey learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.
We strive for a 99.99% uptime across all our products and to support that, we employ a variety of tools to accurately monitor and report on any anomaly that could impact the delivery of our services.
Logging and monitoring
Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.
Automatic database and filesystems backups are made several times a day. All our backups are encrypted using a public-private key encryption and stored in multiple geographical locations. The private keys are stored on offline data storage that may only be accessed in case of critical accident or customer request to restore data. Backups are stored for 6 months allowing to fully restore a system from any point of time. In case you have accidentally removed your survey data, it may be restored for an additional cost up to 6 months.
Reporting Security Issues
We understand that security is essential in maintaining the trust you place in us to provide products and services to you. Although our team works vigilantly to help keep customer information secure, we recognize the important role that security researchers and our user community play in helping to keep our users secure. If you are a security researcher and have discovered a security vulnerability in our website or service, we ask for your help in disclosing it to us in a responsible manner. If you discover a vulnerability or are a customer who is concerned your account has been compromised, please notify us via firstname.lastname@example.org.
If you wish to stop using our the services, you may delete all your surveys from our platform.
By deleting a survey you are also removing all the uploaded files stored in our filesystems. We will still keep an encrypted database and filesystem backup for 6 months until it automatically expires and gets removed.