Security at Simple Poll

Your privacy and security are our top priority

Security

ISO 27001

We are fully certified against the requirements of the international ISO 27001 standard.

View our official certification

Subprocessors

We work with a range of sub-processors to deliver our services to you. You can learn more about these and our data privacy and security requirements from these providers here.

Bug Bounty Program

We’ve invited the security research community to help increase the security of our family of products and services. To learn more about our program click here.

Penetration Testing

We regularly undergo comprehensive external penetration testing of our systems and applications to find any potential security vulnerabilities.

Backups & Redundancy

Our data is regularly backed up with tested backup procedures and protected from a range of security threats or natural disasters.

Internal Practices

In addition to those set out here, we have a number of internal security practices that are regularly updated and audited, including cyber-security awareness training for all employees. These practices are incorporated within our comprehensive information security management system, part of ISO 27001.

Cloud Service Provider

Our backend server is hosted on Heroku, which runs on top of Amazon Web Services (AWS) and is protected with a range of redundancy, data protection and recovery measures. Amazon's data center operations have been accredited under:

  • ISO 27001

  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

  • PCI Level 1

  • FISMA Moderate

  • Sarbanes-Oxley (SOX)

Privacy

GDPR

As a company registered in London, UK and with customers across Europe, we’re committed to and are fully compliant with the requirements set out in the General Data Protection Regulation (GDPR) that came into effect across EU member states on the 25th May 2018.

Privacy Policy

We have a dedicated privacy policy that details how we collect, use and protect the data that’s shared with us across our websites and Slack apps. It can be viewed here.

Encryption

Data shared with us is encrypted both in transit and at rest. We use Amazon’s RDS database product to encrypt data at rest and all our connections use SSL/TLS for encryption in transit.

Permission Scopes

As part of the installation process of Simple Poll and our family of applications, you’ll be asked to agree to a number of permissions required for the app to function correctly. A full list of these and what they mean can be found here.

PCI Compliance

Our payment provider Stripe handles the secure protection and processing of all financial information in a fully PCI compliant manner. Visit their security page to learn more here.

SSO with Slack

All authentications to our dashboard are secured with mandatory Single-Sign-On using your Slack login; no passwords are required.

Questions about security?

Please contact us: [email protected]