Data Collection and Management
Written by Daniel Kyne
Updated over a week ago

Data Protection Officer

At OpinionX, we work hard to ensure that we fulfil the obligations of the EU General Data Protection Regulation (GDPR) and maintain transparency about how we use customer and user data. We have a dedicated Data Protection Officer to oversee and advise on our data management. Get in touch through our messenger or by emailing [email protected].

Security Measures

Data is encrypted at rest using industry-standard AES-256 encryption. All network traffic is encrypted using Transport Layer Security (TLS). Each database is deployed in an isolated virtual private cloud, only accessible from a granted IP address (not accessible from the internet). OpinionX data is hosted on Microsoft Azure and MongoDB Atlas.

Security Questionnaire

| Question | Answer | Additional Context |
| --- | --- | --- |
| Does OpinionX process (e.g. store, transfer, modify, use, destroy) any customer data? | No | The only data we store are the email addresses used by team members who create OpinionX accounts. |
| Does any OpinionX staff have access to customer data in clear text? | No | Other than users' email addresses, no customer data is stored or accessible in clear text. |
| Does OpinionX rely on Amazon (AWS), Google (GCP) or Microsoft (Azure) as sub-processors? | Yes | Azure |
| Do any third parties (external to OpinionX, e.g. business partners, sub-processors), other than those listed in the previous question, process (e.g. store, transfer, modify, use, destroy) customer data? | Yes | Stripe: subscription payment; Customer.io: email; MongoDB Atlas: database; Microsoft Azure: hosting. |
| Is multi-factor authentication mandatory for all OpinionX staff members and third parties (as from the previous question) who access user data? | Yes | 2FA is required on all third-party platforms used by OpinionX employees. |
| Is it possible for the customer to mandate multi-factor authentication for all its staff members who will use the service? | No | 2FA isn't currently available to OpinionX users. |
| Is customer data encrypted at rest? | Yes | Via AES-256 encryption. |
| Is customer data always encrypted in transit? | Yes | Via TLS. |
| Is customer data (including back-ups) hosted, processed or transferred outside of the EU? | No | Our data is hosted in the Republic of Ireland via Microsoft Azure. |
| Does OpinionX outsource data hosting to a third party other than Amazon (AWS), Google (GCP) or Microsoft (Azure)? | Yes | MongoDB |
| Does OpinionX regularly back up customer data? Are back-ups encrypted? | Yes | |
| Is OpinionX's RTO equal to or more than 4 hours? | No | |
| Is OpinionX's RPO equal to or more than 1 day? | No | |
| Is customer data stored in a multi-tenant set-up? | Yes | |
| Does OpinionX have a process to securely delete customer data at contract termination and upon request? | Yes | |
| Are SLAs defined between OpinionX and the customer's organization for the scope of services covered? | Yes | Available upon request. |
| Does OpinionX have formally defined criteria for notifying the customer in the event of an incident that might impact the security of our data or systems? | Yes | |
| Can OpinionX provide the customer with a copy of access logs upon request (covering both customer staff and OpinionX staff)? | Yes | |
| Is the ISMS related to the contracted services ISO 27001 certified? | No | |
| Does OpinionX have a current SOC2 type 2 report covering the scope of contracted services? | No | |
| Does OpinionX perform independent code reviews? | No | |
