Help center

Search for anything you need or navigate the different sections of the Help Center.

Security

Trusting your information to an external service provider requires rigorous security measures. The security and integrity of your information if of vital importante to us, that's why we take this very seriously.

This article describes the technologies and processes that we use to protect your information. If there's anything that you need to understand more in depth, you can always get in touch with us and we will help your with all of your questions.

Physical security

Survey Kiwi infrastructure is hosted in Amazon Web Services (AWS). Our main servers are based in Virginia, USA. All of these comply with security and privacy standards.

Network security

All of our network environments are hosted in a private virtual network in the cloud (VPC) in Amazon Web Services. Our production networks are separated in public and internal services. We don't allow incoming online visits in our private networks, and all of application servers are hosted in private networks that do not have public IP addresses. The upload distributors, managed and controlled by Amazon, are the only ones that have entry access to Survey Kiwi's internal servers.

We also have strict security groups that control incoming and outgoing access to the servers.

We have firewalls installed to add another internal and external network security layer.

In summary, we make sure that all of the networks that we use are secure. The access to servers that we use are strictly limited and we don't allow external traffic.

Architecture summary

Survey Kiwi has been developed to be scalable and to have tolerance to flaws. If a machine fails, another one will be ready to take over the work automatically. This redundancy happens in every level of the platform.

In addition, in line with the recommended practices by AWS, we have a multi-region application architecture. So in case one region fails, the rest of the the architecture in different regions will be available to continue working replacing the failing region. 

Security copies of critical data are constantly running and in a different account to secure the continuity of the business in case of a disaster. 

Access control

The access to Survey Kiwi's resources is only allowed through secure connections (for example, VPN networks or SSH bastions). We follow the principle of minimum privilege, and the access is regularly audited to ensure that our employees have necessary access only to develop their work.

This means that Survey Kiwi employees will be only allowed to access Survey Kiwi's systems with a secure connection. Once an employee leaves the company, their access is automatically blocked.

Data protection measures

Once your information enters Survey Kiwi networks, we secure it with multiple encryption levels and access controls (end-to-end, even inside the private virtual network inside AWS cloud services), using secure cryptographic TLS protocols (currently TLS 1.2).

We use the advanced encryption standard (AES) with a 256 bits password to encrypt data at rest, including the security copies.

The access to the data of our users is restricted related to certain job positions: only authorized employees have access to certain information, and this access is revoked immediately once the employee leaves the company. 

We keep the information hosted in our system for as long as you have an account inside Survey Kiwi. Once you delete your information or you end the relationship with Survey Kiwi, all of the information will be automatically deleted from our database. The information that we save in our servers can take up to 90 days to be deleted permanently. 

Security monitoring and auditory

Survey Kiwi collects platform, infrastructure and system information in a repository managed in a centralized way with the objective of monitoring, problem resolution, security revisions and analysis by authorized employees. These information is preserved in compliance with mandatory regulations of assistance in case of security incident.