Data Protection Officer
At OpinionX, we work hard to ensure that we fulfil the obligations of the EU General Data Protection Regulation (GDPR) and maintain transparency about how we use customer and user data. We have a dedicated Data Protection Officer to oversee and advise on our data management. Get in touch through our messenger or by emailing [email protected].
Security Measures
Data is encrypted at rest using industry-standard AES-256 encryption. All network traffic is encrypted using Transport Layer Security (TLS). Each database is deployed in an isolated virtual private cloud, only accessible from a granted IP address (not accessible from the internet). OpinionX data is hosted on Microsoft Azure and MongoDB Atlas.
Security Questionnaire
Question | Answer | Additional Context |
Does OpinionX process (e.g. store, transfer, modify, use, destroy) any customer data? | No | The only data we store are the email addresses used by team members who create OpinionX accounts. |
Does any OpinionX staff have access to customer data in clear text? | No | Other than a user's email address, no customer data is stored or accessible in clear text. |
Does OpinionX rely on Amazon (AWS), Google (GCP) or Microsoft (Azure) as sub-processors? | Yes | Azure |
Do any third parties (external to OpinionX, e.g. business partners, sub-processors), other than those listed in the previous question, process (e.g. store, transfer, modify, use, destroy) customer data? | Yes | Stripe: subscription payment; Customer.io: email; MongoDB Atlas: database; Microsoft Azure: hosting. |
Is multi-factor authentication mandatory for all OpinionX staff members and third parties (as from the previous question) who access user data? | Yes | 2FA is required on all third-party platforms used by OpinionX employees. |
Is it possible for the customer to mandate multi-factor authentication for all its staff members who will use the service? | No | 2FA isn't currently available to OpinionX users. |
Is customer data encrypted at rest? | Yes | via AES-256 encryption |
Is customer data always encrypted in transit? | Yes | via TLS |
Is customer data (including back-ups) hosted, processed or transferred outside of the EU? | No | Our data is hosted in the Republic of Ireland via Microsoft Azure |
Does OpinionX outsource data hosting to a third party other than Amazon (AWS), Google (GCP) or Microsoft (Azure)? | Yes | MongoDB |
Does OpinionX regularly back up customer data? Are back-ups encrypted? | Yes | |
Is OpinionX's RTO equal to or more than 4 hours? | No | |
Is OpinionX's RPO equal to or more than 1 day? | No | |
Is customer data stored in a multi-tenant set-up? | Yes | |
Does OpinionX have a process to securely delete customer data at contract termination and upon request? | Yes | |
Are SLAs defined between OpinionX and the customer's organization for the scope of services covered? | Yes | Available upon request. |
Does OpinionX have formally defined criteria for notifying the customer in the event of an incident that might impact the security of our data or systems? | Yes | |
Can OpinionX provide the customer with a copy of access logs upon request (covering both customer staff and OpinionX staff)? | Yes | |
Is the ISMS related to the contracted services ISO 27001 certified? | No | |
Does OpinionX have a current SOC2 type 2 report covering the scope of contracted services? | No | |
Does OpinionX perform independent code reviews? | No | |