SNSurveys - Industry Panel Surveys

Data Security & Privacy Policy

Your trust is our foundation. This policy details how SNSurveys protects your data with industry-leading security measures.

Security Architecture Overview

SNSurveys employs a multi-layered security architecture designed to protect data at every stage - from collection through storage to analysis. Our platform is built on enterprise-grade infrastructure with security as the primary design principle.

  • Infrastructure Provider: Google Cloud Platform (Firebase)
  • Encryption Standard: libsodium sealed box (X25519-XSalsa20-Poly1305)
  • Authentication: Passwordless magic link authentication with JWT tokens
  • Database: Cloud Firestore with granular security rules

End-to-End Encryption

How Your Responses Are Protected

  1. 1. Browser-Based Encryption: When you submit a survey response, it is encrypted directly in your web browser using a public encryption key before any data leaves your device.
  2. 2. Sealed Box Technology: We use libsodium's sealed box encryption, which provides anonymous sender encryption. Even we cannot identify which encrypted response came from which panelist.
  3. 3. Zero-Knowledge Architecture: SNSurveys administrators can see that you've completed a survey, but cannot access your actual responses. Only aggregate, anonymized data is ever decrypted.
  4. 4. Secure Key Management: Decryption keys are stored separately from encrypted data and are only used by automated aggregation processes, never for individual response viewing.

Data Collection & Storage

What We Collect

  • Identity Data: Name, email, organisation (stored separately from responses)
  • Survey Responses: Your encrypted survey answers
  • Metadata: Timestamp of submission, completion status
  • Technical Data: Browser type and version for compatibility

What We DON'T Collect

  • • IP addresses linked to responses
  • • Tracking cookies or advertising identifiers
  • • Location data
  • • Device fingerprinting information

Access Controls & Authentication

Panelist Access

  • • Magic link authentication (no passwords)
  • • Time-limited access tokens (24 hours)
  • • One authenticated user per organisation
  • • Automatic session timeout after inactivity

Administrator Access

  • • Role-based access control (RBAC)
  • • Cannot view individual responses
  • • Access to aggregate data only
  • • All actions logged for audit

Data Aggregation & Anonymization

Privacy Protection Measures

  • Minimum Response Threshold: Results are only displayed when at least 5 organisations have responded to prevent identification of individual responses.
  • Statistical Aggregation: All data is presented as averages, percentages, or distributions. Individual data points are never exposed.
  • Demographic Masking: When filtering by organisation attributes, results are suppressed if the subset is too small to maintain anonymity.
  • No Re-identification: Our system is designed to make it technically impossible to work backwards from aggregate data to individual responses.

Compliance & Standards

SNSurveys operates in full compliance with Australian privacy laws and international best practices:

  • Privacy Act 1988: Full compliance with Australian Privacy Principles (APPs)
  • GDPR Ready: Designed to meet European data protection standards
  • ISO 27001 Principles: Security controls aligned with international standards
  • Regular Audits: Periodic security assessments and penetration testing

Data Retention & Deletion

  • Survey Responses: Encrypted responses are retained for 24 months to enable year-over-year comparisons, then automatically deleted.
  • Aggregate Data: Anonymized aggregate reports are retained indefinitely for historical trend analysis.
  • Personal Information: Panelist contact information is retained only while actively participating in the panel and deleted within 30 days of departure.
  • Right to Erasure: Panelists can request immediate deletion of their personal data at any time by contacting panel@snsurveys.com.au.

Security Incident Response

In the unlikely event of a security incident:

  1. 1. Immediate containment and investigation
  2. 2. Assessment of impact and affected data
  3. 3. Notification to affected parties within 72 hours
  4. 4. Cooperation with relevant authorities
  5. 5. Implementation of additional safeguards

Your Rights

As a SNSurveys panelist, you have the right to:

  • • Access information we hold about you
  • • Correct any inaccurate personal information
  • • Request deletion of your personal data
  • • Opt-out of surveys at any time
  • • Receive notification of any data breaches
  • • Lodge a complaint with privacy authorities

Contact Our Security Team

For questions about this policy, to report security concerns, or to exercise your privacy rights:

Email: security@snsurveys.com.au

Panel Management: panel@snsurveys.com.au

Response Time: Within 2 business days

← Back to Home

Last updated: February 2026 | Version 1.0