Standards & Ethics

Compliance & Data Security

Protecting your data and respecting respondent privacy are not just obligations; they are the foundation of our business.

Trust is the Currency of Our Industry

In an era of increasing data breaches and privacy concerns, we go above and beyond to ensure that every piece of data we collect, store, and process is secure and compliant with global regulations.

Global Regulatory Compliance

GDPR (General Data Protection Regulation)

For our European respondents and clients, we fully adhere to GDPR standards. This includes obtaining explicit consent, ensuring data minimization, and appointing a dedicated Data Protection Officer (DPO).

CCPA (California Consumer Privacy Act)

We respect the rights of California residents, providing transparency about data collection and offering clear "Do Not Sell My Personal Information" options where applicable.

HIPAA (Health Insurance Portability and Accountability Act)

For healthcare research, we implement strict safeguards to protect Protected Health Information (PHI). Our systems are designed to ensure respondent anonymity and data security.

ICC/ESOMAR Code

We are proud members of the research community and strictly follow the ICC/ESOMAR International Code on Market, Opinion, and Social Research and Data Analytics.

Our Security Infrastructure

Encryption

All data is encrypted in transit (SSL/TLS) and at rest using industry-standard AES-256 encryption protocols.

Secure Hosting

We utilize top-tier cloud providers (AWS/Azure) with robust physical and digital security measures, including firewalls and intrusion detection.

Access Control

Strict Role-Based Access Control (RBAC) ensures that only authorized personnel have access to sensitive data, on a need-to-know basis.

Regular Audits

We conduct regular internal and third-party security assessments to identify and address potential vulnerabilities proactively.

Respondent Rights

We empower our respondents with full control over their data.

  • Right to Access: Respondents can request a copy of their personal data.
  • Right to Rectification: They can update or correct their information at any time.
  • Right to Erasure: Also known as the "Right to be Forgotten," allowing permanent data deletion.

How We Handle Data

From the moment a respondent joins to final delivery, we follow a clear, auditable data lifecycle designed to reduce risk and improve reliability.

1) Collection

Consent-first collection with purpose limitation and minimal required fields.

2) Validation

Anti-fraud checks, duplication controls, and panel hygiene to protect data quality.

3) Processing

Role-based access and secure workflows for project setup, targeting, and fielding.

4) Retention

Retention aligned to legal requirements, with deletion policies and access logs.

Compliance FAQ

Quick answers to common governance questions.

Do you share respondent PII?

We follow strict data minimization and only process what is required for research operations.

How is consent managed?

Respondents can review and update their preferences, with clear opt-out options.

How do you secure research delivery?

Secure transfer methods and controlled access help protect datasets during handover.

Partner with a compliant provider.

Ensure your research is ethical, secure, and compliant.

Contact Us for Compliance Details