Your Data, Protected by Default
Enterprise-grade encryption, GDPR-aligned practices, and zero data sharing. Security is built in, not bolted on.
AES-256 Encryption
All survey data is encrypted at rest and in transit using AES-256, the same encryption standard used by financial institutions and government agencies. Your respondents' answers are protected from the moment they submit.
Secure Authentication
Industry-standard authentication with hashed passwords, secure session management, and optional OAuth via Google and Microsoft. Rate-limited login to prevent brute-force attacks.
GDPR Compliance
GDPR-aligned data handling is built into every plan. We process data lawfully, collect only what's needed, and give respondents control over their information.
Zero Data Sharing
Your respondents' data is never sold, shared with third parties, or used for advertising. Data belongs to you and your organization exclusively.
Content Security Policy
Strict CSP headers with nonce-based script execution prevent cross-site scripting (XSS) and injection attacks. HSTS enforced for all connections.
Compliance Standards
SOC 2 Aligned
Our infrastructure and processes are designed to meet SOC 2 Trust Service Criteria for security, availability, and confidentiality.
ISO 27001 Practices
We follow ISO 27001 information security management practices, including risk assessment, access controls, and incident response procedures.
GDPR Data Handling
Data minimization, purpose limitation, and lawful processing built into every feature. Respondent data is processed only as necessary.
OWASP Top 10 Protection
Application-layer defenses against injection, broken authentication, XSS, and other OWASP Top 10 vulnerability categories.
Infrastructure Security
Security on Every Plan
AES-256 encryption, GDPR compliance, and all security features are included on every plan, including free.