1. Introduction

At SURVEYGPT, operated by SURVEYGPT MARKET RESEARCH PRIVATE LIMITED, we are committed to protecting the privacy, integrity, and security of the personal data of our users. This Security Policy outlines the procedures, safeguards, and standards we maintain to ensure that all data collected through our platform www.surveygpt.com is handled responsibly and securely.

This document applies to all data collected from individuals who use our platform for market research participation, surveys, user engagement, or any related activity. Our goal is to foster a trusted environment by implementing industry-leading practices that prevent unauthorized access, misuse, or disclosure of data.

2. Scope of the Policy

This Security Policy applies to:

• All data processing activities performed by SurveyGPT.
• All employees, contractors, partners, and third-party service providers acting on behalf of SurveyGPT.
• All platforms, systems, databases, and applications used for storing or processing user data.

3. Data Collection Principles

• Transparency: We communicate clearly how and why personal data is collected.
• User Consent: Consent is obtained where necessary and users are given the option to withdraw at any time.
• Fair Use: We process data for legitimate purposes, directly related to services offered.
• Relevance: We only collect data that is necessary for our operations.

4. Purpose of Data Use

• Verifying participant identities
• Matching users with relevant surveys
• Processing rewards, incentives, or payments
• Communicating updates, opportunities, and support
• Improving the quality of our research and panel experience
• Preventing fraud, spam, or unauthorized activity
• Monitoring performance and analyzing trends across the platform

We do not sell, rent, or disclose personal information to third parties without permission, except where legally or contractually required.

5. Data Retention and Deletion

• Active Users: Data is retained while the account remains in use.
• Inactive Users: Accounts and associated data are automatically deleted after 12 months of inactivity.

Upon request, users may request early deletion of their account and associated data.

6. Security Measures

We implement a multi-layered approach to security involving both technical and organizational safeguards.

6.1. Technical Measures

• Encryption: All sensitive data is encrypted during transmission using SSL/TLS. Stored data is protected using modern encryption protocols.
• Secure Servers: Data is hosted on secure, firewall-protected infrastructure with regular updates and monitoring.
• Access Controls: Systems are protected with role-based access, strong password enforcement, and multi-factor authentication (MFA) where appropriate.
• Backup and Recovery: Data is regularly backed up and can be restored in case of loss or corruption.
• Activity Monitoring: We continuously monitor network traffic, user activity, and system logs to detect suspicious behavior or potential intrusions.
• Software Updates: All systems and applications are patched and updated regularly to mitigate vulnerabilities.

6.2. Organizational Measures

• Confidentiality Agreements: All staff and contractors are bound by confidentiality and data security obligations.
• Security Awareness Training: Employees undergo regular training on safe data handling, phishing prevention, and incident reporting procedures.
• Vendor Oversight: We evaluate third-party service providers for security compliance and require written agreements to ensure data protection standards are upheld.

7. Cookies and Tracking Technologies

• Personalize user experiences
• Track website performance and analytics
• Enhance functionality and usability

Users can manage or disable cookies using their browser settings or via the Cookie Consent Manager available on our website.

8. User Rights and Controls

We believe users should have full control over their personal data. You may:

• Access the data we hold about you
• Request corrections to inaccurate information
• Request that your data be deleted or restricted
• Withdraw previously granted consent
• Request information about how your data has been used

To submit a request, email us at privacy@surveygpt.com. Requests will be handled in a timely manner, subject to identity verification.

9. Incident and Breach Management

In the event of a suspected or confirmed security incident:

• We will immediately investigate the root cause and impact.
• Necessary steps will be taken to contain and resolve the incident.
• Affected individuals will be notified if there is a risk to their information.
• Lessons learned will be used to strengthen future protections.
• All incidents are documented internally and escalated to senior leadership and technical teams.

10. Privacy by Design and Risk Management

We embed privacy and security considerations into all systems and operations from the design phase. New products, features, or data handling processes are reviewed for risk and security implications prior to deployment. This includes:

• Security risk assessments
• Data classification analysis
• Minimization of data exposure
• Secure development practices

11. Policy Review and Maintenance

This Security Policy is reviewed at least once annually and whenever there are significant changes to our operations, services, or technology. The most up-to-date version is always accessible on our website.

12. Contact and Support

For questions regarding this policy or your personal data, please contact our support and compliance team:

SURVEYGPT MARKET RESEARCH PRIVATE LIMITED
Email: privacy@surveygpt.com
Website: www.surveygpt.com

We are committed to transparency, accountability, and user empowerment when it comes to data protection.

13. Review and Revision

This Security Policy is reviewed periodically and updated as necessary to reflect changes in our practices, technology, or legal requirements.