SurveyMonkey Logo
  • Surveys
  • SurveyMonkey

    Create & send surveys with the world’s leading online survey software

  • Enterprise

    Empower your organization with our secure survey platform

  • Integrations & Plug-ins

    Bring survey insights into your business apps

  • Specialized products
  • Audience

    Collect survey responses from our global consumer panel

  • CX

    Understand & improve customer experience (NPS®)

  • Engage

    Understand & increase employee engagement

  • Usabilla

    Get in-the-moment feedback across all digital channels

  • TechValidate

    Create marketing content from customer feedback

  • Apply

    Collect, review & manage applications online

  • Wufoo

    Gather data & payments with online forms

  • GetFeedback

    Customer feedback for Salesforce

  • View all products
    Survey Types
  • Customer SatisfactionCustomer LoyaltyEvent Surveys
  • Employee EngagementJob SatisfactionHR Surveys
  • Market ResearchOpinion PollsConcept Testing
  • People Powered Data for business
  • Customers

    Win more business with Customer Powered Data

  • Employees

    Build a stronger workforce with Employee Powered Data

  • Markets

    Validate business strategy with Market Powered Data

  • Solutions for teams
  • Customer Experience

    Delight customers & increase loyalty through feedback

  • Human Resources

    Improve your employee experience, engagement & retention

  • Marketing

    Create winning campaigns, boost ROI & drive growth

  • Explore more survey types
  • Resources

    Best practices for using surveys & survey data

  • Curiosity at Work

    Our blog about surveys, tips for business, & more

  • Help Center

    Tutorials & how-to guides for using SurveyMonkey

  • Explore our 180+ survey templates
    Plans & Pricing
    Log inSign up
    • Overview
    • Terms of Use
    • Governing Services Agreement
    • Service-Specific Terms
    • Privacy Basics
    • Privacy Notice
    • Cookies
    • Cookies Used on Survey Pages
    • Acceptable Uses Policy
    • Security
    • General

    Did you know?

    63% of people consider a company's privacy and security history before using their products or services.

    Security Statement

    LAST UPDATED: JULY 7, 2020

    This Security Statement applies to the products, services, websites and apps offered by SurveyMonkey Inc., SurveyMonkey Europe UC, SurveyMonkey Brasil Internet Ltda. and their affiliates (collectively “SurveyMonkey”), which are branded as “SurveyMonkey” and “Wufoo”, except where otherwise noted. We refer to those products, services, websites and apps collectively as the “services” in this Statement. This Security Statement also forms part of the user agreements for SurveyMonkey and Wufoo customers.

    SurveyMonkey values the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Policy also further details the ways we handle your data.

    Physical Security

    SurveyMonkey’s information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers. Physical security controls at our data centers include 24x7 monitoring, cameras, visitor logs, entry requirements, and dedicated cages for SurveyMonkey hardware.

    Compliance

    SurveyMonkey, Wufoo, and SurveyMonkey Apply are compliant with the Payment Card Industry’s Data Security Standards (PCI DSS 3.2) and can therefore accept or process credit card information securely in accordance with these standards. SurveyMonkey re-certifies this compliance annually. SurveyMonkey has achieved ISO 27001 certification.

    Access Control

    Access to SurveyMonkey’s technology resources is only permitted through secure connectivity (e.g., VPN, SSH) and requires multi-factor authentication. Our production password policy requires complexity, expiration, and lockout and disallows reuse. SurveyMonkey grants access on a need to know on the basis of least privilege rules, reviews permissions quarterly, and revokes access immediately after employee termination.

    Security Policies

    SurveyMonkey maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training such as HIPAA training, Secure Coding, PCI, and job specific security and skills development and/or privacy law training for key job functions. The training schedule is designed to adhere to all specifications and regulations applicable to SurveyMonkey.

    Personnel

    SurveyMonkey conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, SurveyMonkey communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.

    Dedicated Security Personnel

    SurveyMonkey also has a dedicated Trust & Security organization, which focuses on application, network, and system security. This team is also responsible for security compliance, education, and incident response.

    Vulnerability Management and Penetration Tests

    SurveyMonkey maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third party vendors. Critical patches are applied to servers on a priority basis and as appropriate for all other patches.

    We also conduct regular internal and external penetration tests and remediate according to severity for any results found.

    Encryption

    We encrypt your data in transit using secure TLS cryptographic protocols. SurveyMonkey and Wufoo data is also encrypted at rest.

    Development

    Our development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Developers are formally trained in secure web application development practices upon hire and annually.

    Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.

    Asset Management

    SurveyMonkey maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption and up-to-date antivirus software. Only company-issued devices are permitted to access corporate and production networks.

    Information Security Incident Management

    SurveyMonkey maintains security incident response policies and procedures covering the initial response, investigation, customer notification (no less than as required by applicable law), public communication, and remediation. These policies are reviewed regularly and tested bi-annually.

    Breach Notification

    Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if SurveyMonkey learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.

    Information Security Aspects of Business Continuity Management

    SurveyMonkey’s databases are backed up on a rotating basis of full and incremental backups and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity and are tested regularly to ensure availability. Furthermore, SurveyMonkey maintains a formal Business Continuity Plan (BCP). The BCP is tested and updated on a regular basis to ensure its effectiveness in the event of a disaster.

    Your Responsibilities

    Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems. We offer TLS to secure the transmission of survey responses, but you are responsible for ensuring that your surveys are configured to use that feature where appropriate. For more information on securing your surveys, visit our Help Center. This article is written for SurveyMonkey customers but some of the guidance will apply equally to our Wufoo customers.

    Logging and Monitoring

    Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized SurveyMonkey personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.

    • Community:
    • Developers
    • Facebook
    • Twitter
    • LinkedIn
    • Our Blog
    • Instagram
    • YouTube
    • About Us:
    • Leadership Team
    • Board of Directors
    • Investor Relations
    • App Directory
    • Newsroom
    • Office Locations
    • Jobs
    • Sitemap
    • Help
    • Policies:
    • Terms of Use
    • Privacy Notice
    • California Privacy Notice
    • Acceptable Uses Policy
    • Security Statement
    • GDPR Compliance
    • Email Opt-In
    • Accessibility
    • Cookies Notice
    • Use Cases:
    • Online Polls
    • Facebook Surveys
    • Survey Template
    • Scheduling Polls
    • Google Forms vs. SurveyMonkey
    • Employee Satisfaction Surveys
    • Free Survey Templates
    • Mobile Surveys
    • How to Improve Customer Service
    • AB Test Significance Calculator
    • NPS Calculator
    • Questionnaire Templates
    • Event Survey
    • Sample Size Calculator
    • Writing Good Surveys
    • Likert Scale
    • Survey Analysis
    • 360 Degree Feedback
    • Education Surveys
    • Survey Questions
    • NPS Calculation
    • Customer Satisfaction Survey Questions
    • Agree Disagree Questions
    • Create a Survey
    • Online Quizzes
    • Qualitative vs Quantitative Research
    • Customer Survey
    • Market Research Surveys
    • NPS Survey
    • Survey Design Best Practices
    • Margin of Error Calculator
    • Questionnaire
    • Demographic Questions
    • Training Survey
    • Offline Survey
    • 360 Review Template
    Copyright © 1999-2021 SurveyMonkey
    BBBOnlineMcAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams