GetFeedback is the leading provider of customer experience surveys for the Salesforce ecosystem. Founded in 2013, GetFeedback’s mission is to build beautiful, easy-to-use software for companies that want to understand and improve customer experience.
GetFeedback is part of Campaign Monitor, a well-established leader in email marketing, with more than 200 employees worldwide, and 150,000 paying customers.
GetFeedback runs entirely on the trusted Salesforce Heroku platform and on industry-leading cloud service provider Amazon Web Services (AWS); Heroku itself also runs on AWS. We chose Heroku and AWS for a variety of reasons, with trust, security, and reliability being top of mind.
Heroku’s security policy is published here:
AWS’s security policy is published here:
GetFeedback runs in AWS’s main data center, located in Northern Virginia; our backup data center is located in Oregon.
AWS facilities are accredited under:
And others. More from AWS:
AWS data center facilities feature 24-hour manned security, biometric access control, video surveillance, and physical locks. All systems, networked devices, and circuits are constantly monitored.
Information about Heroku’s vulnerability assessment, reporting and management practices, as well as information on physical, network and data security, can be found on their security page:
GetFeedback utilizes Heroku’s PG Backups to store a full backup daily. More here:
All communications with and between GetFeedback servers are encrypted using industry-standard TLS/SSL.
All data is encrypted on-disk.
Yes. You can review it here:
Yes. All prospective employees are screened by a leading background checking service.
GetFeedback is currently developing a program to periodically test security controls. This page will be updated as the program develops.
GetFeedback relies on industry-leading vendors like Heroku, Google, Amazon and Dropbox to provide services like application hosting, corporate email security and corporate file security.
GetFeedback’s credit card processing vendor Stripe uses the latest TLS technology for secure transactions. Our vendor is certified as PCI Service Provider Level 1 and is compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discovery Information Security and Compliance (DISC).
Credit card numbers are never stored on GetFeedback servers. They are routed directly to Stripe. More from Stripe here:
GetFeedback runs from AWS’s main data center located in Northern Virginia.
Your survey content is owned by you, and only you choose with whom to share your surveys. Survey responses are owned and managed by the survey creator.
Only GetFeedback administrators and customer/technical support managers have access to your survey data. Our staff will not access your response data, grant access to third parties or otherwise disseminate your response data without your permission. If there is a request for support, or if you hire our consulting services, then the person assigned to the request may, with your permission, log into your account for the purpose of troubleshooting and correcting the reported issue or performing the requested task.
The policies and practices of GetFeedback, and of the Salesforce Heroku and Amazon Web Services platforms on which GetFeedback is hosted, are consistent with the objectives of the Health Insurance Portability and Accountability Act (HIPAA) with regard to data security and data privacy.
In the following limited situations, we may disclose information that we collect or that you provide to us:
We only use information that we collect about or from survey takers, including any personal information, to:
Deleting your content may not immediately remove the content you have published from our systems, because of caching, backups, or other references to your account. GetFeedback guarantees full erasure of deleted data within 90 days of a written request.
Though of course not every possible type of malicious data access can be anticipated, GetFeedback’s application security architecture ensures segregation of customer data.
GetFeedback runs in facilities powered by redundant power, each with UPS and backup generators. Heroku’s application deployment model minimizes the risk that changes to the GetFeedback application will disrupt service.
GetFeedback’s availability is consistently above 99.95% and is usually very close to 99.99%.
We tweet from @getfeedback, though this is rarely necessary.
Heroku publishes their uptime here:
AWS publishes their status history here:
Our deployment platform usually obviates the need for downtime when we make changes to GetFeedback. However, we will notify customers by email at least 24 hours in advance of any planned downtime.
Internal access to GetFeedback servers is controlled by restricting traffic to a specific set of network IP addresses.
All access to GetFeedback is governed by access rights, authenticated by username and password.
Passwords are always encrypted, never stored as plain text.
Your GetFeedback administrator can provision more granular access privileges for your users, such as read/write access to a Salesforce integration.
GetFeedback’s application security architecture ensures segregation of customer data.
Last updated October 2016