Security is at the core of our business
We value the confidence you’ve put in us and take the responsibility
of protecting your survey data and privacy extremely seriously.
Enterprise-grade secure network
Segmanta’s most important concern is the protection and integrity of our users’ data. We use top-tier leader, Google Cloud Platform (GCP), as our data center provider which adheres to the highest physical and software security standards, maintaining industry recognized certifications.
Learn more
Your data, your control
Segmanta was built with security features to protect your account and enforce your organizational privacy policies. With Segmanta, you control how your surveys are shared with others, including granting or revoking access and collaboration tools to specific users.
Learn more
Security at the core of our organization
Security standards are only as strong as the people who implement them. We’ve developed a comprehensive set of internal best practices, regularly train employees on security awareness and more, to ensure that we are surpassing the most demanding security and service levels.
Learn more
Global Security Compliance
Privacy Shield Compliance
Monitored by the Federal Trade Commission, Segmanta complies with the US-EU and US-Swiss Privacy Shield Framework.
GDPR Compliance
As part of our firm commitment to data security, user protection and consumer privacy, Segmanta is committed to GDPR compliance.
Segmanta’s Security Features
System Security
Data Hosting and Storage
Segmanta services and data are hosted in Google Cloud Platform (GCP) which adheres to the highest physical and software security standards. GCP is accredited under ISO 27001, ISO 27017, SSAE16 / ISAE 3402 (SOC 2/3), and other top certifications.
Physical Security
Segmanta data is processed, stored and hosted in GCP’s state-of-the-art data centers which are safeguarded with multilayered security measures. These include perimeter fencing, custom electronic access cards, biometric checks, and continuous external and internal security camera surveillance.
Location
Segmanta's data centers are all hosted in the United States. Segmanta is compliant with the US-EU and US-Swiss Privacy Shields, providing protections for data transferred from the EU/Switzerland to our U.S. data centers.
Encryption
Segmanta uses Transport Layer Security (TLS) encryption for all transmitted data in transit, and encrypts all data at rest through leading block-level storage encryption.
Protection
Segmanta user data and services are protected by high-end firewall systems, contained in a private network disconnected from the internet. All our services have quick failover points with redundant hardware, and complete encrypted backups are performed on a daily basis.
Architecture
Our system security infrastructure is spread across multiple security zones, whereby more sensitive systems such as database servers are protected in our most trusted zones. Other systems are housed in zones corresponding with their sensitivity, function, information classification, and risk. Web servers are located in a DMZ and connect to internal networks through a firewall.
Account Security
SSO
Single Sign-on (SSO) allows you to authenticate users in your own systems without requiring them to enter additional login credentials
Password Management
All Segmanta accounts are password protected. Passwords are salted, then hashed and stored, making them in an unreadable format. Email-based password reset links are sent only to a user's pre-registered email address with a temporary link.
2FA
If you are using a Segmanta enterprise account, you can turn on 2-factor authentication (2FA) for your team. Segmanta supports apps like Authy and Google Authenticator for generating passcodes. 2FA provides another layer of security to your account, making it much more challenging for somebody else to sign in as you.
Survey Permissions
Segmanta gives you control over when your surveys should be made public or kept private and which other users can have access to collaborate on your surveys.
Role-Based Access
Access privileges to your account and survey data are defined by the roles you assign to users under your account using various granular permission levels (admin, team member, editor, analyst etc.). Access can be changed or revoked by admins at any time.
Activity Logs
Segmanta produces logs for all actions taken by users within a survey or account, such as logins, survey editor activity, and user collaboration, giving survey owners and admins full visibility over their account.
PCI Compliance
Payments to Segmanta are made through our payment processing partner, Stripe, which is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.
GDPR Compliance
Segmanta is committed to supporting General Data Protection Regulation (GDPR), legislation designed to give EU residents greater transparency, control and security over their personal data. As part of our commitment to GDPR compliance, Segmanta continues to add platform tools that help keep your data secure and give you full control over what data you collect from respondents and how you collect it.
Organizational Security
Uptime
Segmanta has an average uptime of 99.9% or higher.
Privacy Shield Compliance
Segmanta has elected to self-certify to the EU-US Privacy Shield and Swiss-U.S. Frameworks administered by the US Department of Commerce. Segmanta commits to cooperate with EU data protection authorities (DPAs) and with the Swiss Federal Data Protection and Information Commissioner (FDPIC), and to comply with the advice given by such authorities with regards to data transferred from the EU and Switzerland.
Incident Response
Segmanta has implemented a detailed Incident Response Protocol for handling security incidents including notification policies, escalation procedures, rapid mitigation and post mortem investigation.
Disaster Recovery and Business Continuity
Segmanta ensures proper crisis management in the event of a disaster including its resilient technological infrastructure, technical response flow and recovery strategy for the restoration of critical services. Segmanta’s Disaster Recovery and Business Continuity plans ensure that our services remain available or are easily recoverable in the event of a disaster. This is accomplished through our robust physical system infrastructure, established response flows, and recovery procedures.
Employee Access
Access to Segmanta user data by employees is explicitly restricted on a need-to-know-basis, for example, in cases of providing you with professional services or customer support. Segmanta employees who access user data are required to use multiple factors of authentication and are monitored by internal audit logs.
Employee Training
Segmanta maintains a full-time information security officer who is responsible, among other duties, for developing and delivering training to our employees. All employees are required to go through data privacy and security training upon beginning their employment as well as attending regular meetings reviewing security processes and protocols.
Trusted by today’s most innovative businesses
