60 Atlantic Avenue, Toronto

security.hero.title

security.hero.subhead

security.hero.tagline

Security Architecture

security.pillar.1.title

security.pillar.1.description

Separate database per tenant for complete isolation
Anonymous polling: no respondent PII stored
Interview metadata isolated per tenant
Protected references to prevent unauthorized access

security.pillar.2.title

security.pillar.2.description

Industry-standard encryption for all connections
Secure session management with protection against common attacks
File storage encrypted at rest on enterprise cloud infrastructure
Two-factor authentication (2FA) support
Role-based access control (RBAC) with granular permissions

security.pillar.3.title

security.pillar.3.description

All user actions logged (create, read, update, delete)
Data access tracking (who viewed what, when)
Permission changes audited
Interview quality flags logged with reasons
Exportable audit reports for compliance reviews

security.pillar.4.title

security.pillar.4.description

Anonymous response collection (no PII stored)
Compartmentalized access for confidential projects
Blind field operations: canvassers see questionnaires but not client/sponsor identity
GPS validation without linking location to respondent identity

security.pillar.5.title

security.pillar.5.description

Daily automated backups with multi-week retention
Real-time system monitoring and alerting
Geographic redundancy with automated failover
99.9% uptime SLA with public status page

Compliance Readiness

Meeting Global Standards

GDPR

Architecture Ready

EU General Data Protection Regulation

Right to erasure: Automated deletion workflows with verification
Right to data portability: Export in machine-readable formats (CSV, JSON, SPSS)
Data protection by design: Complete tenant isolation and anonymous polling
Security of processing: End-to-end encryption, RBAC, and 2FA

SOC 2 Type II

In Progress

Service Organization Control 2

Security: Encryption, access control, audit logs
Availability: 99.9% uptime SLA, automated backups
Confidentiality: Tenant isolation, role-based access
Processing Integrity: Data validation, quality controls

HIPAA

Architecture Supports

For Healthcare Research

PollZapper's architecture supports HIPAA-compliant polling when configured properly. Business Associate Agreement (BAA) available on Enterprise and Agency plans.

21 CFR Part 11

Audit Trail Support

FDA Electronic Records

Comprehensive audit logging supports FDA requirements for electronic records and signatures. Suitable for clinical trial polling and research.

Data Ownership & Portability

You Own Your Data. Period.

PollZapper does not claim ownership of your polling data, questionnaires, or results. You can export everything at any time.

Export raw response data in CSV, Excel, or SPSS (.sav) formats
Export questionnaire definitions as JSON for platform migration
Export sampling frames and metadata for reproducibility
Export reports as PDF or Excel with your custom branding
Agency plan: Cryptographic hashes for tamper-proof verification
Data retention: Your choice—delete anytime or retain indefinitely

Common Questions

Security FAQ

Where is my data stored?

Primary hosting: Google Cloud Platform (US). Regional data residency options available on Agency plan for EU, UK, Canada, or Australia hosting.

Can PollZapper access my data?

No. PollZapper employees do not have routine access to tenant databases. Access is granted only for explicit support requests with your consent, and all access is logged.

What happens to my data if I cancel?

You can export all data before cancellation. We retain your data for 30 days (recoverable if you resubscribe), then permanently delete it. Request immediate deletion anytime.

Is respondent data anonymous?

Yes. PollZapper does not store respondent PII unless you explicitly collect it via custom questions. Interview metadata (GPS, timestamp) is not linked to respondent identity.

Do you have a HIPAA BAA?

Yes, Business Associate Agreements are available on Enterprise and Agency plans. Contact sales to execute a BAA for healthcare research projects.

How do I report a security vulnerability?

Email [email protected] with details. We follow responsible disclosure and acknowledge reports within 48 hours.

Questions About Security?

Our team is here to help with compliance, security reviews, and custom configurations.

Contact Security Team View All Features

Get In Touch

60 Atlantic Avenue, Toronto, ON. M6K 1X9 Canada

Quick Links

Regions

We use cookies

This website uses cookies in order to enhance the overall user experience.

Take a look at our Cookies Policy for more information.

Customize

Essential cookies

There are some cookies that we have to include in order for certain web pages to function. For this reason, they do not require your consent.

pollzapper_cookie_consent

1 year 1 month 1 day

Used to store the user's cookie consent preferences.
pollzapper_session

2 hours

Used to identify the user's browsing session.
XSRF-TOKEN

2 hours

Used to secure both the user and our website against cross-site request forgery attacks.

More details

Analytics cookies

We use these for internal research on how we can improve the service we provide for all our users. These cookies assess how you interact with our website.

_ga

2 years 2 months 2 days

Main cookie used by Google Analytics, enables a service to distinguish one visitor from another.
_ga_025035SK8R

2 years 2 months 2 days

Used by Google Analytics to persist session state.
_gid

1 day

Used by Google Analytics to identify the user.
_gat

1 minute

Used by Google Analytics to throttle the request rate.