Security and Compliance

We know your co-creation plans and insights are extremely important to you and your business, and we take protecting those plans seriously. We’ve created this page as a resource with documents and mappings for compliance support when formal certifications or attestations may be required.

The Vurvey infrastructure is architected to be a secure and high-performance SaaS environment and provides a scalable place for companies to co-create together with their customers. In addition to the security provided by the Vurvey hosting environment, there are additional security measures built into the platform itself including:

Encryption and Access

Vurvey encrypts communication between customers, creators, and our data centers through strong encryption. Every login and in-app page in Vurvey are secured through SSL. All data is encrypted at rest using AES-256 encryption. In addition, we employ a dedicated network service and firewall to block unauthorized access.

In addition to encryption, we enforce access controls for all employees. Vurvey employees are not able to access customer or creator data, unless specifically authorized to do so for support.

Data Compliance

The Vurvey cloud infrastructure is housed in Google data centers. This level of data center security allows Vurvey to be compliant with the highest industry standards.

EU-U.S. Privacy Shield

Vurvey complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. More information about EU-U.S. Privacy Shield Framework is available here.

General Data Protection Regulation (GDPR)

Vurvey complies with the General Data Protection Regulation regarding processing of personal data of people in the European Union. More information about GDPR is available here.

California Consumer Privacy Act

Vurvey is compliant with the CPRA and CCPA by building robust privacy and security protections into our services and contracts. The California Privacy Rights Act (CPRA) is a data privacy law that amends and expands upon the California Consumer Privacy Act (CCPA). You can find more information about the CCPA on the California Office of the Attorney General’s website.

Secure Data Centers

The Vurvey cloud infrastructure is housed in highly secure, distributed data centers, which use state of the art electronic surveillance and multi-factor access control systems. Data centers are staffed 24 hours a day by trained security guards, and access is authorized strictly on a least privileged basis.

Environmental systems in the data centers are designed to be redundant and minimize unforeseen disruptions and all personnel must be screened when leaving areas that contain customer data.

If you have additional questions about our security and compliance policies, please email [email protected]