Trust & security

Straight answers about how your data is handled

Here's what's actually in place today, and — just as plainly — what isn't yet. We'd rather under-promise than imply a certification we don't hold.

In place today

  • Encryption in transit with TLS on every connection
  • Encryption at rest with AES-256; PII encrypted in the database
  • Immutable audit logs of access and key actions
  • GDPR and CCPA data deletion support, for account and respondent data
  • Hosted on Amazon Web Services (AWS)
  • AI-based fraud traps and duplicate/attention detection in the survey runtime
  • Single sign-on (SSO) — available on Enterprise
  • Role-based access with client viewer (read-only) seats

On the roadmap — not yet in place

We list these explicitly so nothing above is mistaken for a current guarantee. If one of these is a requirement for you, contact us and we'll share our honest timeline.

  • SOC 2 Type II attestation
  • Advanced organization admin and audit controls beyond current logs
  • Contracted uptime SLAs outside of Enterprise agreements
  • Additional regional data-residency options

Data ownership & deletion

You own the surveys and response data you create. Surveti processes it to run the service on your behalf. You can export your data at any time, and we support GDPR and CCPA deletion requests for both account data and survey response data. Details are in our Privacy Policy.

Need to complete a security questionnaire or vendor review? We'll answer it directly — email security@surveti.com.

Have a security question we didn't cover?

We answer vendor reviews and security questionnaires directly — no runaround.