We advise on trust - so we have to be able to document it ourselves. Here is how we protect your data and what your IT and compliance teams can request.
SurveyGauge is certified to ISO 27001, the international standard for information security management. That means documented processes for risk management, access control and incident handling.
The ISO 27017 certification covers security controls specific to cloud services - from the division of responsibility between us and you to the protection of your data in the cloud environment.
We comply with the GDPR with a data processing agreement (DPA), documented deletion policies, a sub-processor list and data minimisation by default. All data is hosted in the EU.
DPA, deletion policies, sub-processor list and certification documentation are available on request.
Request documentationYour customer data does not leave the EU. As a Danish company with European customers, data protection is not a compliance checkbox for us - it is a precondition. Details on sub-processors, retention periods and your rights are set out in our privacy policy.
Less than most expect. Data minimisation is the default - we only ask for what the surveys require.
Name, work email, company and role for the contacts who should receive surveys. That is all we need to get started.
E.g. customer type, market or account owner, so results can be segmented meaningfully. Delivered as fields in the same export.
You do not need to give us access to your CRM. A simple export (e.g. CSV) is enough - an integration can always be added later if you want it.
Yes. The DPA, deletion policies, sub-processor list and other documentation are available on request - write to hello@surveygauge.com and we will send it the same day.
All data is hosted in the EU. Details on sub-processors and transfer mechanisms are set out in our privacy policy and DPA.
No. A simple export with contacts and segment fields is enough to run the program. If you later choose an integration, scope and access are agreed precisely in the DPA.
Your data is deleted according to the retention periods agreed in the DPA, and you can have your data exported in a standard format before deletion. No lock-in.
We are happy to answer directly - or bring them to a meeting where you can also see the platform.