Last Updated September 4, 2019
GetFeedback is the leading provider of customer experience surveys for the Salesforce ecosystem. Founded in 2013, GetFeedback’s mission is to build beautiful, easy-to-use software for companies that want to understand and improve customer experience.
GetFeedback runs on the trusted Salesforce Heroku platform and on industry-leading cloud service provider Amazon Web Services (AWS) (Heroku itself also runs on AWS). We chose Heroku and AWS for a variety of reasons, with trust, security, and reliability being top of mind. We also host our external analytics database on the Google Cloud Platform.
Heroku’s security policy is published here:
https://www.heroku.com/policy/security
AWS’s security policy is published here:
https://aws.amazon.com/security/
Google Cloud's security policy is published here:
https://cloud.google.com/security/
GetFeedback runs in AWS’s main data center, located in Northern Virginia, with our backup data center located in Oregon. The external analytics database runs in Google Cloud's data centers in South Carolina, with our backups stored in Iowa.
AWS and GCP facilities are accredited under:
And others. More from AWS:
https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/
Information about Google Cloud is published here:
https://cloud.google.com/security/compliance/
AWS data center facilities feature 24-hour manned security, biometric access control, video surveillance, and physical locks. All systems, networked devices, and circuits are constantly monitored.
Information about Heroku’s vulnerability assessment, reporting and management practices, as well as information on physical, network and data security, can be found on their security page:
https://www.heroku.com/policy/security
GetFeedback utilizes Heroku’s PG Backups to store a full backup daily. More here:
https://devcenter.heroku.com/articles/heroku-postgres-backups
GetFeedback also uses Google Cloud Platform for redundancy. GCP is configured to store a full backup daily as well.
All communications with and between GetFeedback servers are encrypted using industry-standard TLS/SSL.
All data is encrypted on-disk.
Yes. GetFeedback's information security policy can be requested once the customer has signed a Non-Disclosure Agreement.
Yes. All prospective employees are screened by a leading background checking service.
GetFeedback relies on industry-leading vendors like Heroku, Google, and Amazon to provide services like application hosting, corporate email security and corporate file security.
GetFeedback’s credit card processing vendor, Stripe, uses the latest TLS technology for secure transactions. Our vendor is certified as PCI Service Provider Level 1 and is compliant with card association security initiatives, like the Visa Cardholder Information Security and Compliance (CISP), MasterCard® (SDP), and Discover Information Security and Compliance (DISC).
Credit card numbers are never stored on GetFeedback servers. They are routed directly to Stripe. More from Stripe here:
https://stripe.com/docs/security
GetFeedback’s Privacy Notice is here: https://getfeedback.com/privacy
The Heroku platform has certified that it adheres to the US-Swiss Safe Harbor Principles. The Heroku Privacy Policy is here:
https://www.heroku.com/policy/privacy
Google Cloud Platform privacy details are published here:
https://cloud.google.com/security/privacy/
GetFeedback runs from AWS’s main data center located in Northern Virginia.
Your survey content is owned by you, and only you choose with whom to share your surveys. Survey responses are owned and managed by the survey creator.
Only GetFeedback administrators and customer/technical support managers have access to your survey data. Our staff will not access your response data, grant access to third parties or otherwise disseminate your response data without your permission. If there is a request for support, or if you hire our consulting services, then the person assigned to the request may, with your permission, log into your account for the purpose of troubleshooting and correcting the reported issue or performing the requested task.
The policies and practices of GetFeedback, and of the Salesforce Heroku and Amazon Web Services platforms on which GetFeedback is hosted, are consistent with the objectives of the Health Insurance Portability and Accountability Act (HIPAA) with regard to data security and data privacy.
In the following limited situations, we may disclose information that we collect or that you provide to us:
We only use information that we collect about or from survey takers, including any personal information, to:
Deleting your content may not immediately remove the content you have published from our systems, because of caching, backups, or other references to your account. GetFeedback guarantees full erasure of deleted data within 90 days of a written request.
Though of course not every possible type of malicious data access can be anticipated, GetFeedback’s application security architecture ensures segregation of customer data.
GetFeedback runs in facilities powered by redundant power, each with UPS and backup generators. Heroku’s application deployment model minimizes the risk that changes to the GetFeedback application will disrupt service.
GetFeedback’s availability is consistently above 99.95% and is usually very close to 99.99%.
We tweet from @getfeedback, though this is rarely necessary. Customers can also visit http://status.getfeedback.com to subscribe to updates or check the GetFeedback platform status.
Heroku publishes their uptime here:
https://status.heroku.com/uptime
AWS publishes their status history here:
Google Cloud Platform publishes their uptime here:
https://status.cloud.google.com/
Our deployment platform usually obviates the need for downtime when we make changes to GetFeedback. However, we will notify customers by email at least 24 hours in advance of any planned downtime.
Internal access to GetFeedback servers is controlled by restricting traffic to a specific set of network IP addresses.
All access to GetFeedback is governed by access rights, authenticated by username and password.
Passwords are always encrypted, never stored as plain text.
Your GetFeedback administrator can provision more granular access privileges for your users, such as read/write access to a Salesforce integration.
GetFeedback’s application security architecture ensures segregation of customer data.
GetFeedback can provide the CSA CAIQ v3.0.1 upon request after the customer has signed an NDA.
Last updated March 2019