Informizely takes the protection of your site and visitor data very seriously. We have various policies in place to enforce the safety of your data and the privacy of your visitors.
The Informizely servers and databases are hosted in Microsoft's industry leading Azure cloud, and are physically located in Microsoft Azure's West European datacenter, which is located in Amsterdam, The Netherlands. Microsoft Azure ensures industry strength security and allows Informizely to quickly and easily scale resources when needed. More information about Microsoft Azure Trust, Security, Privacy, Compliance and Certifications can be found at the Microsoft Azure Trust Center.
Data stored in the Informizely database is encrypted both in transit, using SSL, and is also encrypted at rest using
Transparent Data Encryption (TDE), as are its logfiles and backups.
Access to the Informizely database is restricted by a firewall that only allows access from trusted IP addresses (i.e. application servers). SQL authentication is used at the database level.
Access to all Informizely's resources in its datacenter by employees is subject to Role Based Access Control (RBAC): access is restricted based on the need to know and least privilege security principles.
Data sent from a visitor's browser to the Informizely server is always encrypted using SSL by using an HTTPS connection.
Passwords for the Informizely website are stored encrypted as a one-way hash.
Informizely does not store any credit card details for recurring billing. These are securely stored by Braintree, our Level 1 PCI DSS Compliant Payment Provider partner.
The Informizely database supports Point in Time Restore up to 35 days, based on automatic encrypted full, differential, and transaction log backups. Full database backups happen weekly, differential database backups generally happen every few hours, and transaction log backups generally happen every 5 - 10 minutes.
IPv4 addresses of visitors are stored anonymized, by setting the last octet to 0, so that they are not personally identifiable but can still be used for e.g. geolocation purposes. Customers can configure their account to not store respondent IP addresses at all.
Survey respondents are assigned a random unique visitor ID so that Informizely can keep track of returning visitors. These visitor IDs can in no way be traced back to individuals.
Data collected by Informizely is exclusively reserved for use by our customers. Informizely does not use the data in any form without explicit consent.
Informizely's survey widget uses first-party cookies. This means that the cookies are stored on the domain where the surveys are run. Our cookies only store anonymous data about a visitor that is needed for making decisions about when to show a survey, like the number of site visits and survey views. History data is stored in the persistent cookie "_iz_uh_ps_" and session data is stored in the session cookie "_iz_sd_ss_". Informizely customers have the option to store visitor data in local storage with the same names, instead of using cookies.
For any questions on our security policies please contact firstname.lastname@example.org.