View/Export Results
Manage Existing Surveys
Create/Copy Multiple Surveys
Collaborate with Team Members
OR
Sign inSign in with Facebook
Sign inSign in with Google
Skip to main content

Key Takeaways

  1. Our current infrastructure uses multiple layers. At a high level, SuperSurvey currently operates with Cloudflare, Amazon Web Services (AWS), and dedicated servers for selected workloads.
  2. We use a layered security approach. That includes transport encryption, access controls, logging and monitoring, operational review, backups or recovery measures, and anti-abuse protections designed to reduce risk.
  3. We collect only the data needed to run and protect the service. That can include account details, survey content, response data, and limited technical metadata used for authentication, fraud prevention, integrity, support, and reporting.
  4. Customers remain in control of the surveys they create. They decide what questions to ask, what respondent information to request, and when to delete survey data, subject to backups, billing, fraud prevention, and legal retention needs.
  5. We avoid overstating compliance. We describe current practices at a high level, and we only represent specific certifications, formal compliance positions, or accessibility conformance when we can substantiate them.

Who is this for? Customers evaluating SuperSurvey, procurement and security reviewers, legal teams, and anyone who wants a plain-language summary of how we think about security, privacy, and accessibility.

Scope and legal positioning

This page is a high-level summary of SuperSurvey's current security and privacy practices. It is intended to help customers understand our approach, but it is not an exhaustive technical specification and it does not replace your contract, terms of service, data processing terms, or any other legally binding agreement that may apply to your account.

Because security depends on implementation details, user behavior, survey configuration, third-party services, and ongoing operational changes, no website or online platform can guarantee absolute security. We use commercially reasonable measures designed to reduce risk, improve resilience, and protect the confidentiality and integrity of the service.

Why this page is written at a high level

We want to be transparent without publishing a checklist that would expose unnecessary implementation detail. Specific controls, providers, and internal procedures may change as the platform evolves.

Infrastructure and hosting

SuperSurvey currently uses a mixed infrastructure model. At a high level, our stack includes Cloudflare, Amazon Web Services (AWS), and dedicated servers. We use this layered approach to balance performance, operational flexibility, and security across customer-facing traffic, application workloads, storage, and supporting services.

Our infrastructure and provider mix may change over time as we improve the service, replace components, expand capacity, or refine operational practices. For that reason, this page describes our hosting model at a summary level rather than listing every underlying service or region.

Cloudflare

Used at the edge to help with traffic handling, performance, and front-line network protections for public-facing traffic.

Amazon Web Services (AWS)

Used for parts of the application and infrastructure stack where cloud services are appropriate for scale, reliability, and operational management.

Dedicated servers

Used for selected workloads where dedicated infrastructure or direct operational control is the better fit for the service.

What this means in practice

  • There is no single provider dependency for every part of the service.
  • Infrastructure design can evolve without changing our overall commitment to secure operation and responsible data handling.
  • We may also rely on specialist third-party providers for limited functions such as payments, communications, support, monitoring, or analytics where appropriate.

Security practices

Security is an ongoing operational process, not a single feature. We use layered administrative, technical, and operational measures designed to help protect the service and reduce the likelihood of unauthorized access, manipulation, or disruption.

Encryption in transit

We use HTTPS/TLS for supported customer-facing traffic so data transmitted to and from the service is protected in transit.

Access management

Administrative and support access is limited to authorized personnel with a business need, and that access is managed through internal operational controls.

Logging and monitoring

We maintain operational and security-relevant logs and monitoring to help detect platform issues, investigate suspicious activity, and support service reliability.

Anti-abuse and response integrity

We use a range of automated and manual measures to reduce spam, bots, fraudulent submissions, and manipulation of survey responses or public voting activity.

Patching and remediation

We review software and infrastructure changes as part of ongoing operations and work to address vulnerabilities, misconfigurations, and defects in a commercially reasonable manner.

Backups and recovery

We maintain backup or recovery measures appropriate to the systems involved so we can respond to operational failures, accidental deletion, or other service-impacting events.

A note on security claims

We do not claim that SuperSurvey is invulnerable, "unhackable," or risk-free. Security work is continuous, and defenses are updated as threats, features, and infrastructure change.

Privacy and data handling

SuperSurvey's business is providing survey software, not monetizing customer survey responses. We do not sell customer survey content or respondent answers to third parties. We process personal information to operate the service, support customers, maintain security, prevent abuse, process billing, improve reliability, and comply with applicable law.

Types of data we may collect

Account and billing information.
This can include name, email address, organization details, account settings, authentication details, and billing or transaction-related information.

Survey and response data.
This can include the questions you create, the content you upload, the answers respondents submit, response metadata, and reports generated from that content.

Technical and security-related data.
This can include IP address, timestamps, browser or device information, referrer data, cookies or session information, and other signals reasonably needed for authentication, abuse prevention, diagnostics, and service integrity.

Support and communication records.
If you contact us, we may keep records of those communications to respond to your request, document issues, and improve support quality.

How data is used

  • Provide and maintain the survey platform
  • Authenticate users and secure accounts
  • Detect fraud, spam, abuse, and response manipulation
  • Generate analytics, reports, and product functionality requested by customers
  • Respond to support, legal, security, or privacy inquiries
  • Comply with legal obligations and enforce our terms

Customer role and respondent role

In many use cases, the customer who creates a survey decides what data to collect and why it is being collected. In those cases, the customer is generally responsible for the survey notice, consent or lawful basis where required, and the content of the survey itself. SuperSurvey provides the platform used to create, distribute, and manage that survey. Roles and legal responsibilities can vary based on the jurisdiction, contract, and use case.

Respondents with privacy questions

If you completed a survey hosted on SuperSurvey and have a question about that survey's content or purpose, contact the survey owner first where possible. We may also assist where required by law, contract, or operational necessity.

Retention and deletion

Customers can manage or delete their survey content and account information through available product tools or by contacting us, depending on the feature and account state. Retention periods can vary based on the type of data, account status, operational backups, security investigations, billing records, dispute handling, and legal obligations.

Retention principles

  1. Customer-controlled deletion where possible: account owners should be able to remove surveys or accounts using the tools made available to them.
  2. Backups and logs may persist temporarily: deletion from the live service may not mean immediate removal from every backup or log system.
  3. Limited records may be kept longer: we may retain certain records for billing, fraud prevention, dispute resolution, security, or legal compliance.
  4. Export before deletion: customers should keep copies of any data they need before requesting permanent deletion of an account or survey.

Accessibility

We want SuperSurvey's website content and core product experiences to be usable by as many people as reasonably possible, including people who rely on keyboard navigation, zoom, screen readers, captions, or other assistive technologies. Accessibility is an ongoing practice, and we review content and interface changes with modern web accessibility standards in mind.

Semantic structure

We aim to use clear headings, landmarks, labels, link text, and other semantic markup that improves navigation and screen reader support.

Keyboard and focus

We aim to support keyboard navigation, logical focus order, and visible focus indicators in key site and product experiences.

Readability and contrast

We review text contrast, responsive layout, zoom behavior, and interface clarity to make content easier to perceive and use across devices.

Forms and interaction

We work to improve labels, instructions, error messaging, and interaction patterns so common tasks are easier to complete accessibly.

Our accessibility work is guided by WCAG 2.2 Level AA as a practical benchmark for web content and interface review. Unless we explicitly state otherwise, this page should not be read as a separate certification or warranty that every page, custom survey, embed, or third-party integration fully conforms in every scenario.

If you encounter an accessibility issue, please contact us and include the page or feature, the device or browser you used, and any assistive technology involved so we can investigate.

Enterprise requests, procurement, and legal review

We understand that larger organizations may need additional diligence before adopting a survey platform. If your team has security, privacy, procurement, or legal review requirements, contact us and describe your use case so we can route the request appropriately.

What we can generally discuss

  • High-level infrastructure and hosting information
  • Privacy and data-handling practices described on this page
  • Deletion and retention expectations
  • Reasonable due-diligence and vendor questionnaire requests
  • Commercial or contractual questions relevant to your evaluation

Availability of custom documentation, contract terms, or security review responses may depend on your plan, transaction size, jurisdiction, and the nature of your deployment.

No implied certification claims

This page is intentionally written to avoid implying certifications, attestations, or regulatory compliance positions that are not expressly stated and supported by SuperSurvey.

Frequently asked questions

Where is SuperSurvey hosted?

At a high level, SuperSurvey currently uses Cloudflare, Amazon Web Services (AWS), and dedicated servers. Specific services, regions, and architecture details may change over time as the platform evolves.

Do you sell customer or respondent data?

No. SuperSurvey does not sell customer survey content or respondent answers to third parties as part of its service model.

What technical data may be collected for security or integrity purposes?

Depending on the feature and context, we may collect signals such as IP address, timestamps, browser or device details, referrer data, session data, and similar technical information used to authenticate users, prevent abuse, diagnose problems, and help protect survey integrity.

Can customers delete their data?

Yes. Customers can use available account tools or contact us regarding deletion, but backups, logs, billing records, security investigations, and legal obligations may require certain records to be retained for a limited time.

Do you claim formal certifications or full regulatory compliance on this page?

No. This page is designed to communicate current practices without overstating them. We only make specific certification, attestation, or formal compliance claims when we can substantiate them in writing.

How can I report a security, privacy, or accessibility concern?

Please contact us with relevant details, including the page or feature involved, the issue you observed, and any steps needed to reproduce it. We review credible reports in the ordinary course of operations.

Questions from your security, legal, or procurement team?

If you are evaluating SuperSurvey for business or enterprise use, send us your security, privacy, accessibility, or procurement questions and we will route them to the right team.

Please include your organization name, expected use case, and any required review documents or questionnaires so we can respond more efficiently.

About This Page

SuperSurvey Security & Privacy Team

This page is maintained by the team responsible for SuperSurvey's platform operations, privacy practices, and customer due-diligence responses. We review and update it when material changes are made to our infrastructure, security practices, accessibility approach, or data-handling commitments.