Security and Privacy
In this article:
- Introduction: Protecting your data.
- Delighted security and privacy documentation.
- Certifications: GDPR and CCPA.
- Data retention policy.
- Logging in: Email Address, Passwords, SSO, and 2-step security.
FAQs
- Who can see my data?
- What safeguards are in place to protect my data?
- Do you do anything with the emails or phone numbers I've added to Delighted?
Introduction: Protecting your data
Protecting your data is our top priority. We understand that you are trusting us with your data, and we take the responsibility of securing it extremely seriously. To do your part, please be sure to review our Terms of Service, as well as our other security and privacy documentation before using Delighted.
In order to use your organization's account, users must set many many of the Delighted security systems up for themselves. As an Admin, you can't do it for them.
So, to help them get started safely, send your users to our security training article, Delighted Security Briefing: User Security Training, in this section of the Help Center.
Delighted security and privacy documentation
If your team requires a review of security procedures and architecture before purchasing any software or service, the below documentation will provide most, if not all, of the information needed.
- Security overview: Reviews key system architecture, fallout and disaster recovery, data storage and security, encryption and authentication details, and more.
- Privacy documentation: Explains the type of information we collect from users and what we do with it (like personalize experiences and improve our customer service). Note that your data and transactions will not be sold, exchanged, transferred, or given to any other company.
- Terms of Service: Details Delighted’s appropriate terms of use, as well as agreements regarding payment and renewal. Please read these Terms of Service carefully before using delighted.com or the products or services offered by Delighted.
- GDPR: Reviews our compliance with the European Union’s General Data Protection Regulation (GDPR).
If you have questions about any of the above documentation or require further security review, please reach out to our Customer Concierge team.
Certifications: GDPR and CCPA
Delighted is GDPR and CCPA compliant. As a customer of Delighted, you are covered automatically by our Terms of Service and Privacy Policy. These cover core requirements of GDPR and CCPA, including sale of personal data, right to erasure of personal data, etc.
- To learn more about which Delighted features support our GDPR compliance, read our GDPR page.
- For CCPA requests related to data access, check out section 7. Reporting and Analytics.
- For information about deleting respondent data in compliance with GDPR or CCPA requests, check out section 5. Managing People and Properties.
Data retention policy
Delighted’s Data Retention Policy feature provides options to automatically (1) Delete response data outside of a specific time window and/or (2) Anonymize data outside of a specific time window. You can review your policy settings by heading to the Data retention policy page.
Finding your Data Retention Policy settings
Head to your Account menu, scroll down to the "Data retention policy" menu item, and then click to head into your policy settings:
Delete Responses
This setting will automatically delete responses once outside of a time window that you specify.
Anonymize Responses
This setting will automatically anonymize responses (anonymizing name/email/phone number and any other personally identifiable information fields like IP addresses) once outside of a time window that you specify. We will only anonymize name, email, and phone number fields, so any other properties you pass our way will still be visible.
Setting options
You can set the time period for both deletion and anonymization settings. Once responses fall outside this time period, they will be either anonymized and/or deleted - depending on your settings. Let's take a look at the time periods that are supported:
- Never
- 1 month
- 3 months
- 6 months
- 1 year
- 2 years
- 3 years
Other Notes
- Changes are permanent, so please only adjust these settings if you're confident about deleting and/or anonymizing your data.
- Charges are retroactive, so please be aware that any historical data outside of the time window you specify will immediately be impacted.
- Policy updates will typically take 24 hours to go into effect.
Logging in: Email Address, Passwords, SSO, and 2-step security
. . . we've placed an article—called the Delighted Security Briefing: User Security Training—in this section of the Help Center. There is a short orientation video and a brief article to guide your Limited, Standard, and fellow Admin users in how to set up the security needed to protect their projects.
Email address
You can change the email address associated with your Delighted account at any time by heading to the Account menu and choosing "Email address."
Password requirements
Passwords are the first line of defense for protecting your data. With that in mind, Delighted applies industry-leading password requirements to ensure your account and data always remain secure.
Here are a few important details regarding Delighted passwords:
- Your password must include 10 characters or more.
- You can also enable 2-factor authentication as a second level of security in your account (highly recommended—keep reading below!).
- You will be locked out after multiple failed attempts to log in.
- You can request a password reset from the login page by clicking “forgot password.”
Logging in with SSO
Delighted offers Google SSO as a method of authenticating and logging into your account. When Google SSO is enabled, users can sign into Delighted with their existing Google credentials—no separate username and password required.
If you're a new user, follow these steps to sign up with Google SSO:
- 1
- Visit our Sign Up page.
- 2
- Click on "Sign up with Google" or "Sign Up with Apple."
- 3
- If already logged in, select your existing account. Otherwise, enter your credentials to log into your Google or Apple account.
- 4
- Once authenticated, you'll be directed through the rest of the onboarding experience (starting with selecting a Survey Type).
If you're an existing user, log into your account and follow the below steps to connect with Google or Apple SSO:
- 1
- From your Dashboard, click “Account” and then “Email address.”
- 2
- Click on "Connect with Google" or "Connect with Apple.
- 3
- If already logged in, select your existing account. Otherwise, enter your credentials to log into your Google or Apple account.
- 4
- Once authenticated, you'll be redirected back to your Delighted account.
You can disconnect from Google or Apple SSO at any time from the same Account > Email address page.
2-step security (2-factor authentication)
Delighted's 2-step security feature adds an additional level of identity verification when signing into your account. This makes your account more secure by requiring both your password and possession of your mobile phone to sign in.
When 2-step security is turned on, you’ll be asked for a 4-digit security code when attempting to log in. That code will be sent to your mobile phone via text message. You'll also be prompted to set a handful of recovery questions in case you lose access to your phone, or are having trouble receiving the text messages.
To set up 2-step security in your account, follow the below steps:
- 1
- From your Dashboard, click “Account” and then “2-step security.”
- 2
- Click “Turn on 2-step security.”
- 3
- Enter your recovery phone number.
- 4
- Select and set answers the security questions.
- 5
- Click “Send verification code” to complete set-up.
If you run into any issues logging into your account, reach out to our Customer Concierge team and we'll help out right away.
Who can see my data?
Only you, and in rare cases, us.
We will only look at your data if necessary to provide requested support. Any access of that data will always be conducted on fully encrypted devices and within full accordance of our privacy and security policies. We do not share any customer data with outside parties under any circumstances.
To further protect your data, never send customer data in email attachments to our team. If you need help troubleshooting a specific file, please send us a note and we can provide next steps.
What safeguards are in place to protect my data?
We maintain strict privacy and security policies to keep your data secure. The entire application is delivered with end-to-end encryption (SSL) to ensure your connection to our service is secure. The systems storing your data are carefully designed with multiple layers of security. For in-depth information about Delighted’s data protection practices, including disaster recovery, backups, encryption, and more, visit our security documentation.
What's more, our application is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system. Documents that provide more details about AWS security are available at AWS Whitepapers.
Do you do anything with the emails or phone numbers I’ve added to Delighted?
Absolutely not.
We only send surveys to the people you’ve chosen, at the times you’ve chosen. No other emails or text messages are sent, and we do not share this data with outside parties under any circumstances.