Privacy Policy

Survs is an online survey tool (the "Service") provided through the website survs.com (the "Website"). Survs is owned and operated by Enough Pepper, Lda. ("we", "us", or "our"). For the purposes of this Privacy Policy: An entity or person that creates surveys is referred to as a "Creator" or "Survey Creator". A person who responds to surveys is referred to as a "Respondent". Survs is committed to protecting user privacy. This Privacy Policy explains what information we collect, how we use it, and the measures we take to safeguard it. Since the information we receive from Survey Creators and Respondents differs, certain sections of this Privacy Policy provide specific details for each group.

1. Information We Collect

Information Collected Directly from Creators

Survs collects information from Creators through various means, including:

  • Account registration: To create surveys, Creators must register for a Survs account. During this process, we collect the Creator’s username, email address, password, and time zone.
  • Billing information: When a Creator upgrades to a paid plan, we collect the Creator’s name, and billing address. Our payment processor will collect the financial information necessary to process payments, such as the payment card number. Please note, that we do not store payment card information on our servers.
  • Address book: Creators can import email addresses into a contact list to send survey invitations. These email addresses are used solely for distributing survey invitations on behalf of the Creator.
  • Survey data: Survs stores survey data (questions and responses) and provides tools for survey analysis.

Information Collected Directly from Respondents

Survs collects data from Respondents when they participate in surveys hosted on behalf of and under the instructions of a Survey Creator:

  • Survey responses: We collect and store responses submitted by Respondents. Survey Creators own and control this data. Respondents with questions about how their responses are used should contact the Survey Creator directly, as they may have their own privacy policies.
  • Email addresses: If a Survey Creator provides email addresses for survey invitations, we collect and use them exclusively for that purpose. Respondents can opt out of receiving future survey invitations.

Information Collected Indirectly from Creators and Respondents

  • Analytics data: Like most online platforms, we collect certain analytics data automatically. This includes IP address and browser type. This information is anonymized and used solely for internal analysis.

2. Legal Basis for Processing Personal Information

We process personal information in accordance with the General Data Protection Regulation (GDPR). The legal bases for processing depend on the type of data and how we use it. These include:

  • Contractual necessity. When processing is necessary to provide the Service, such as: Registering and maintaining user accounts; Processing payments for paid plans; Providing customer support.
  • Legitimate interests. When processing is necessary for our legitimate business interests, provided it does not override users’ rights, such as: Improving and securing our platform; Preventing fraud and ensuring security; Conducting internal analytics and service improvements.
  • Consent. When users provide explicit consent, such as: Receiving marketing emails and promotions.
  • Legal obligations. When processing is required to comply with applicable laws, such as: Responding to legal requests from authorities; Retaining billing records for tax compliance.

3. How We Use the Information

For Creators

We process personal data about Creators for the following purposes:

  • To provide and improve our services. This includes enabling Creators to design, distribute, and analyze surveys.
  • To enforce our Terms of Service. We may use information to detect, prevent, or address fraudulent, unauthorized, or unlawful activities.
  • To communicate with Creators about their account and service-related matters. This includes: Service announcements, such as updates or changes to our platform and policies; Billing-related notifications; A welcome email upon registration.
  • For marketing purposes. If a Creator has provided consent, we may send promotional communications regarding new features or relevant updates. Creators can opt out of these communications at any time through their profile settings.

For Respondents

All information provided by Respondents in response to a survey is made available to the Survey Creator. Since Survey Creators own and control survey responses, we handle this data as private to them.

  • Survey responses are managed by the Survey Creator. The Survey Creator determines how responses are collected, stored, and used. Respondents with questions about their data should contact the Survey Creator directly.
  • Survs does not share survey responses with third parties. We do not access or use survey responses except as necessary to provide the Service (e.g., to display survey results to the Survey Creator).
  • Survey Creators may have their own privacy policies. If applicable, Respondents should review the Survey Creator’s privacy policy to understand how their data will be used.

4. With Whom We Share or Disclose Information

For Creators

When necessary, we may share data with trusted third-party vendors who assist in operating the Service. These include:

  • Payment processor (Stripe): To securely process credit card transactions.
  • Customer support (Google Workspace): To manage email inquiries.

These third-party service providers comply with applicable data protection laws, including the General Data Protection Regulation (GDPR). For further details on data transfers and subprocessors, see Section 6.

For Respondents

We disclose survey responses only to the respective Survey Creator. As the primary collector of survey data, the Survey Creator controls and manages the responses.

  • Survey responses are shared with the Survey Creator. We act as a data processor, handling survey responses strictly as instructed by the Survey Creator. Any personal data Respondents provide in a survey is accessible to the Survey Creator.
  • Survs does not share respondent data with third parties. We do not distribute, monetize, or otherwise disclose survey responses, except as required by law or to ensure platform security.
  • Contact the Survey Creator for further information. If Respondents have concerns about how their data is used, they should reach out to the Survey Creator directly.

5. Data Retention Policy

We retain personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements. The retention period varies depending on the type of data:

  • Account information: Stored as long as the user maintains an active account. Deleted upon request or account termination.
  • Survey data: Retained as long as the Survey Creator maintains an active account. Deleted upon request or account termination.
  • Billing information: Stored for compliance with tax and accounting regulations.
  • Analytics & logs: Retained for a limited period for security, analytics, and service improvement.

Users may request data deletion at any time by contacting us.

6. Cross-Border Data Transfers & Subprocessors

Survs stores and processes user data within the Amazon AWS Frankfurt Region, ensuring that core application and survey data remain within the European Economic Area (EEA). However, we also rely on third-party service providers for specific functions, such as payment processing (Stripe) and customer support email (Google Workspace). These providers may store and process data outside the EEA in accordance with their respective data protection policies and applicable legal safeguards.

Subprocessors:

  • Amazon AWS: Cloud infrastructure. Location: Frankfurt, Germany.
  • Stripe: Payment processing. Data transfers: Stripe may process payment-related data outside the EEA, including in the U.S., under Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (DPF).
  • Google Workspace: Email customer support. Data transfers: Google may process customer support emails outside the EEA, including in the U.S., under Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework (DPF).

These third-party service providers comply with applicable data protection laws, including the General Data Protection Regulation (GDPR).

7. Security, Cookies, and Other Information

Security

The security of user data is a top priority for Survs. We implement industry-standard measures to protect personal information from unauthorized access, loss, misuse, or alteration.

  • Data encryption: All data transmitted between users and our platform is encrypted using Secure Socket Layer (SSL) technology.
  • Secure storage: User information is stored on secure servers with access controls and continuous monitoring to prevent unauthorized access.
  • Account protection: If access to the Service requires a password, users are responsible for keeping it confidential and should not share it with others.
  • Continuous monitoring: We follow industry best practices to protect personal data both during transmission and at rest and regularly review our security protocols.

While we take all reasonable precautions to secure data, no online transmission or storage method is 100% secure. Users should take appropriate steps to protect their accounts and devices.

Cookies

Survs only uses cookies in the following cases:

  • Authentication: When users log into Survs, we set two session and authentication cookies to maintain their login status securely.
  • Survey participation: When a Respondent fills a survey, we set three cookies to track the progress and status of their response.

These cookies are strictly necessary for the functionality of our service. Survs does not use cookies for analytics, advertising, or tracking beyond these essential functions. Users can manage or delete cookies through their browser settings, but disabling cookies may prevent login functionality or interfere with survey participation.

8. User Rights & How to Exercise Them

As a user of Survs, you have rights under the General Data Protection Regulation (GDPR) regarding your personal data. These rights include:

  • Right to access: You can request a copy of the personal data we hold about you.
  • Right to rectification: If any of your personal data is inaccurate or incomplete, you have the right to request corrections.
  • Right to erasure: You may request the deletion of your personal data, subject to certain legal obligations.
  • Right to restriction of processing: You can ask us to temporarily limit how we use your data in specific circumstances.
  • Right to object: You have the right to object to processing based on legitimate interests or direct marketing.
  • Right to data portability: You may request to receive your data in a structured, commonly used, and machine-readable format.
  • Right to withdraw consent: If we process your data based on consent, you can withdraw it at any time.

How to Exercise Your Rights

To exercise any of these rights or to submit a data-related inquiry, please contact us at gdpr@survs.com. We will review your request and respond within 30 days, in accordance with GDPR requirements. For security reasons, we may require additional information to verify your identity before processing certain requests.

9. Data Breach Notification Procedure

Survs takes data security seriously and has measures in place to prevent unauthorized access, loss, or misuse of personal data. However, in the unlikely event of a data breach that compromises user information, we will take the following actions:

  • Assessment & containment: Upon detecting a breach, we will promptly investigate the incident to assess its scope and impact.
  • Regulatory notification: If required by law, we will notify the relevant data protection authorities within 72 hours of becoming aware of the breach.
  • User notification: If the breach poses a risk to user rights or personal data, affected users will be notified via email as soon as possible. The notification will include details about the breach, the type of data affected, and recommended steps users should take.
  • Mitigation & prevention: We will take immediate steps to mitigate the impact of the breach, implement corrective measures, and strengthen security to prevent future incidents.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or improvements to our services. If we make significant changes, we will notify users by posting a notice on our website before the changes take effect. In some cases, we may also provide additional notifications, such as email updates or in-platform messages. We encourage users to review this policy periodically to stay informed about how we handle personal data. Continued use of the Service after updates to the Privacy Policy constitutes acceptance of the revised terms.

11. Contact

If you have any questions, concerns, or requests regarding this Privacy Policy or the way Survs processes your personal data, please contact us at support@survs.com.