
Data Security Policy

Technical, administrative, and operational safeguards for client and participant data.

Overview And Scope

Effective date: June 2026. Location of operations: California, USA.

This Data Security Policy outlines the technical, administrative, and operational safeguards implemented by philemmons.net to protect the confidentiality, integrity, and availability of client and participant data.

The infrastructure used for survey programming and deployment consists of secure, isolated LimeSurvey deployments designed to prioritize data minimization, privacy-by-design, and strict alignment with United States and international privacy frameworks.

California And International Compliance Alignment

Because this is a California-based business, data practices are engineered to meet or exceed applicable state and federal privacy mandates.

  • CCPA/CPRA readiness: this business acts as a Service Provider under the California Consumer Privacy Act. It does not sell, share, or retain client or participant data for any purpose outside the specific business relationship defined in service agreements.
  • CalOPPA: transparent data practice disclosures are maintained so participants can understand what data is collected and how it is used.
  • Data sovereignty: while operations are based in California, surveys can be deployed on regionally compliant infrastructure, such as EU-based servers for GDPR alignment, when requested by clients.

Encryption And Data Lifecycle

Data is cryptographically secured at each stage to reduce the risk of unauthorized interception or exposure.

  • In transit: external connections to survey applications and administrative interfaces are enforced over HTTPS using TLS 1.2 or higher with modern, secure cipher suites.
  • At rest: database volumes, backups, and stored assets are encrypted at rest using AES-256 encryption where supported by the hosting environment.
  • Secure destruction: following project completion and verified data handoff, data is permanently purged from primary databases and rolling backups using secure electronic erasure practices aligned with NIST SP 800-88 guidelines.

Infrastructure And Network Security

External threats are mitigated by maintaining a restricted hosting footprint and minimizing unnecessary application surface area.

  • Zero plugin bloat: survey deployments are built on core, audited LimeSurvey code. Rejecting unverified third-party plugins reduces the primary attack vector for many open-source application vulnerabilities.
  • Network isolation: servers are shielded behind strict firewalls with default-deny rules, restricting access to essential application ports.
  • Vulnerability management: operating systems and application frameworks are patched continuously, with critical security updates targeted for deployment within seven days of public release.

Access Control And Authentication

Strict operational identity barriers are used to prevent internal and external unauthorized access.

  • Multi-factor authentication: access to server management consoles, hosting infrastructure, and administrative survey panels requires MFA.
  • Respondent security: closed-access surveys use individual, cryptographically unique tokens to ensure only designated participants can access a survey and to help prevent response manipulation.
  • Audit trails: system logs record administrative access, data exports, and configuration changes. These logs are retained for a minimum of 90 days where supported by the hosting environment and project requirements.

Data Minimization And Anonymization

In accordance with privacy-by-design principles, risk is minimized by avoiding the collection of unnecessary data.

For anonymous studies, survey configurations can strip respondent IP addresses, browser user agents, and precise submission timestamps so personally identifiable information is not written to the database when anonymity is required by scope.

California Data Breach Notification And Incident Response

In compliance with California Civil Code Section 1798.82, this business maintains an incident response process for suspected security events.

  • Immediate mitigation: upon suspicion of a security incident, affected systems are isolated and any ongoing exposure is stopped as quickly as practicable.
  • Notification timeline: if unauthorized acquisition of unencrypted personal information is confirmed, affected clients will be notified without unreasonable delay and no later than 72 hours from discovery.
  • Reporting: notice will provide a clear description of the incident, the categories of data exposed, steps taken to secure the environment, and direct mitigation guidance.

Contact And Privacy Inquiries

For security questionnaires, Data Processing Addendums, or privacy inquiries, contact philemmons.net through the California operations office.

Email: philemmons.now@gmail.com

Location: Monterey Bay, CA
