Keep responses confidential with safeguards that uphold survey security

Run surveys and data collection workflows securely and keep responses confidential with SurveyCTO.

No matter how and where you collect data, we promise to provide tight security for your projects.

Our industry-leading security includes SOC-2 certification and GDPR compliance for our platform, plus a wide array of sophisticated options that allow users to implement security measures that meet the unique needs of their organization.

Get A Free Consultation
Start A Free Trial
Protect your survey data with SurveyCTO's survey security features

Secure survey software for mobile data collection

At SurveyCTO, data security is more than a feature or service. With our origins in international development, data security is a guiding principle that’s been a driving force since inception. After all, preserving the dignity and integrity of the people served in the social impact space means that data security is of the utmost importance.

Today, we continue to protect our users’ data across countless more industries. With our platform’s data security features, you can rest assured that the privacy of your surveys will not be compromised, regardless of where you work.

We go above and beyond industry standards on our platform, ensuring that your survey data is encrypted and inaccessible to unauthorized access during transmission and storage.

Protecting your collected data with the highest standards for data security

SurveyCTO is SOC 2 Type 2 certified for even greater adherence to high data security standards

SOC 2 Type 2 Certified

SurveyCTO is SOC 2 Type 2 certified, which means we meet even more rigorous standards for data security.
Read More
SurveyCTO is HIPAA compliant so you can rest assured patient is safeguarded to the highest standards https://www.hipaajournal.com/hipaa-rights/

HIPAA Compliant

Need a platform that's HIPAA compliant? Read our announcement to see how SurveyCTO meets HIPAA compliance.
Read More
SurveyCTO adheres to GDPR requirements in order to protect user and collected data.

GDPR Compliant

See how SurveyCTO complies with the EU’s General Data Protection Regulation (GDPR).
Read More

Adherence to IRB Guidelines

Our encryption and user access controls also enable rigorous adherence to guidelines set by Institutional Review Boards (IRBs).

Extensive data security features that safeguard users and respondents

End-to-end encryption for secure surveys and data

Add an additional layer of protection with our encryption capabilities.

SurveyCTO provides end-to-end, at-rest, and in-transit encryption for survey forms and datasets.

Our end-to-end encryption allows for the most robust and complete form of data protection. With it, you can make data unreadable and therefore protected, even from users in your own organization who don’t need to see the sensitive data you’re collecting.

Make your forms and data accessible only to users with a private encryption key that you generate and manage.

How to encrypt a form
SurveyCTO makes it easy to protect your surveys with passwords

Secure surveys with passwords

Password-protect your data collection forms by requiring users to log in before accessing them.

SurveyCTO has industry-standard password expiration and complexity requirements for all passwords: At least eight characters, one uppercase character, one special character, and annual expiration.

We also make these password requirements customizable by account admins, so they can be tailored to your organization’s standards.

Achieve survey security with custom secure sockets layer (SSL)

Your data is protected by SSL when being transmitted over the internet, and when it is downloaded by an end-user.

Our at-rest and in-transit encryption protects data against unauthorized outside access—including from our own site administrators.

SurveyCTO protects data during transmission with SSL
SurveyCTO enables SSO for frictionless, secure sign-in

Seamless single sign-on (SSO) functionality

Enable SSO (external authentication) so that users can only log in to your SurveyCTO account through an external provider like Google, Okta, or Microsoft Azure Active Directory.

Using our SSO feature means users don’t need to worry about managing a separate password.

You can also rely on your external provider to provide strong, multi-factor authentication options for added security.

User roles and team workspaces to restrict data access for survey security

Secure data collection doesn’t just mean safeguarding against typical cybersecurity concerns. It also means limiting who can access your workflows and data.

The nature of computer-assisted personal interviews (CAPI) means that many data collectors are typically needed to run a survey. And with many people accessing your organization’s workflows comes an inevitable increase in security concerns.

SurveyCTO has you covered with options for user roles, teams, and dedicated workspaces that let you keep your forms, data, and even settings secure by making them accessible to authorized users only.

SurveyCTO offers granular, customizable user roles to fit any organization's unique data access requirements
Require and enforce device security with SurveyCTO

Require and enforce device security for all users

Data security starts on the mobile devices used to collect data during fieldwork. Easily set up your account to require all of the following for your users:

  • Lock screen: Have users secure devices with a lock screen (PIN, pattern, fingerprint)
  • Device encryption: Leave this enabled on your users’ devices so that no one can remove a device’s SD card and gain access to your data
  • Prevent jailbroken or rooted devices: Jailbroken iOS devices and rooted Android devices are much less secure, so use this setting to ensure all devices are running safe, authentic software
  • Dedicated workspaces: A “dedicated” workspace contains forms and data for only a single account and helps to keep your server’s forms, data, and settings separated from other accounts you might have
  • Don’t allow any outside access: Ensure that the only way to access forms and data stored within a workspace is via SurveyCTO’s Collect app

Frequently Asked Questions

Survey security means safeguards used to protect survey data. Those safeguards are necessary to protect confidential survey data, which includes personal details, honest feedback, and sometimes highly sensitive information of survey respondents, like Personal Identifiable Information (PII).

Any loss of data or breach of data security can result in respondents losing trust in you. In some cases, it can directly compromise respondents’ physical safety.

You can ensure the security of your survey data by using a survey platform that provides features such as SSL encryption, SSO options, password protection, data export options, data deletion options, and data breach notifications.

SurveyCTO is one such survey platform that offers all of these features to keep your survey data safe and secure.

For data collection in international development, crisis-affected areas, and for social justice causes, there are many security threats. It is vital to ensure that there are no data breaches, which can occur when sensitive data shared by respondents gets leaked or stolen.

Some other common security threats to mobile data collection that impact all industries include phishing attacks, authentication errors, and survey fraud. With the rise in data breaches, organizations must take care to enforce proper security measures to protect their employees as well as their respondents. Using tools like SurveyCTO that adhere to stringent data security regulations and provide native data protections can help prevent against these threats.

Offline surveys are considered more secure than online surveys due to higher data security during collection. Responses collected via offline surveys are stored locally on the devices used to administer surveys, significantly reducing the chances of data breaches.

That said, there can still be a security hole in offline surveys if the devices storing data fall into the wrong hands or get lost.

Therefore, make sure to address any security concerns and enable password protection for your enumerators’ devices and the mobile survey app they are using to run secure surveys and data collection workflows.

SurveyCTO has a very robust set of options for large enterprises with stringent security requirements.

If your organization requires data to be self-hosted, please reach out to our sales team to learn more about how we can support you.

A common cause of data breaches in SaaS providers is due to multi-tenancy, where all customer data lives in a single, shared database. While this type of infrastructure enables organizations to scale faster and more affordably, it can also introduce risk due to the fact that unauthorized access to a database puts multiple organizations’ data at risk.

To mitigate this vulnerability—particularly important for organizations or industries like healthcare or finance where extremely sensitive data is captured—SurveyCTO provides single-tenant architecture for every user’s server. This structural difference means that any data you have stored in SurveyCTO servers won’t be accidentally accessed by other users, greatly reducing the likelihood of your data being leaked in data breaches.

See why leading organizations around the world trust SurveyCTO for their data collection

Get A Free Consultation
Start Your Free Trial