Question 1

Where does Survicate store and host data?

Accepted Answer

All customer data is hosted on Amazon Web Services (AWS) infrastructure in the European Union.

Your data is processed and stored within EU data centers. If there is any transfer outside of the EU, it is done in line with Chapter V of GDPR.

Question 2

How does Survicate handle data retention and deletion?

Accepted Answer

By default, response data is stored for as long as your account is considered active, unless your pricing agreement has set specific retention periods with automatic deletion.

From the moment of creating the Account, and for a period of 12 months after deleting the Account, the data processed after deleting the Account are only for the purposes of backup for the Controller and are part of the Service provided after its termination, which is performed by Survicate.

When your data is considered deleted, it's permanently removed from our production systems. This includes all associated metadata and personal information. The deletion process is irreversible and aligns with GDPR's "right to erasure" requirements.

Question 3

What personal information does Survicate collect, and how is it protected?

Accepted Answer

We only collect personal data that you choose to gather through your surveys (names, email addresses, phone numbers, or custom attributes you pass from your systems).

All personal data (Personally Identifiable Information- PII) is encrypted at rest, and in transit using AES-256 encryption and segmented by workspace.

You can configure surveys to exclude any personal data (PII) by enabling anonymous response mode, which prevents the processing of any identifying/able information.

Question 4

How can I be sure Survicate helps me stay compliant in my country?

Accepted Answer

We maintain compliance with a number of privacy frameworks worldwide: GDPR (EU), CCPA/CPRA (US), LGPD (Brazil), PIPEDA (Canada), APPI (Japan), and Australia's Privacy Act.

Our Data Processing Agreements include standard contractual clauses for international data transfers. We regularly update our privacy practices as new regulations emerge.

For region-specific compliance questions, contact our privacy team at privacy@survicate.com.

Question 5

Have my users consented to their information being used as part of AI research?

Accepted Answer

Your feedback data is never used to train AI models or contribute to broader AI research.

We use pre-trained AI models from established providers, and your data only flows through these models for analysis specific to your workspace.

The AI processes your feedback to generate insights for you, but this processing doesn't improve the underlying AI or benefit anyone else.

Your users' responses remain private to your organization.

Question 6

How does Survicate ensure my data stays confidential?

Accepted Answer

Your data stays within Survicate's secure infrastructure unless you explicitly configure integrations to send it elsewhere (like HubSpot, Slack, or Salesforce).

We maintain confidentiality through workspace-level isolation (your data is never visible to other customers), encryption at rest and in transit, strict employee access controls, and contractual data processing agreements.

When you use AI features, data is processed in encrypted environments by partners contractually prohibited from retaining or using your data.

All data is hosted and processed within EU AWS regions. We also have a number of technical and organisational measures to ensure your data stays confidential - including ISO 27001 Certification.

Question 7

How do you ensure your AI understands the context behind my research?

Accepted Answer

Our AI features analyze feedback within the context you provide. Research Assistant and Insights Hub only access feedback sources you've connected to your workspace.

AI categorizes responses based on actual content patterns, not assumptions.

Every AI-generated insight includes citations linking back to the original feedback, so you can verify the context and accuracy yourself.

The AI doesn't make inferences beyond what's present in your data.

Safe, secure, and private

Built on a secure, resilient infrastructure with continuous monitoring, and detailed incident response procedures.

Control who accesses your data with SSO, SAML, 2FA, role-based permissions, and workspace isolation.

GDPR compliant with global privacy law coverage. You have control of the data you collect, and keep.

Train insights, not AI models. Rely on verifiable feedback, and never worry about your data crossing workspaces.

Frequently asked questions