Security and Privacy

In this article:


Introduction: Protecting your data

Protecting your data is our top priority. We understand that you are trusting us with your data, and we take the responsibility of securing it extremely seriously. To do your part, please be sure to review our Terms of Service, as well as our other security and privacy documentation before using Delighted.

Quickly train your users in Delighted's security protocols!

In order to use your organization's account, users must set many many of the Delighted security systems up for themselves. As an Admin, you can't do it for them.

So, to help them get started safely, send your users to our security training article, Delighted Security Briefing: User Security Training, in this section of the Help Center.

Back to top

Delighted security and privacy documentation

The below documentation offers details regarding Delighted’s security and privacy policies and architecture.

If your team requires a review of security procedures and architecture before purchasing any software or service, the below documentation will provide most, if not all, of the information needed.

  • Security overview: Reviews key system architecture, fallout and disaster recovery, data storage and security, encryption and authentication details, and more.
  • Privacy documentation: Explains the type of information we collect from users and what we do with it (like personalize experiences and improve our customer service). Note that your data and transactions will not be sold, exchanged, transferred, or given to any other company.
  • Terms of Service: Details Delighted’s appropriate terms of use, as well as agreements regarding payment and renewal. Please read these Terms of Service carefully before using or the products or services offered by Delighted.
  • GDPR: Reviews our compliance with the European Union’s General Data Protection Regulation (GDPR).

If you have questions about any of the above documentation or require further security review, please reach out to our Customer Concierge team.

Back to top

Certifications: GDPR and CCPA

Delighted is GDPR and CCPA compliant. As a customer of Delighted, you are covered automatically by our Terms of Service and Privacy Policy. These cover core requirements of GDPR and CCPA, including sale of personal data, right to erasure of personal data, etc.

Back to top

Data retention policy

Delighted’s Data Retention Policy feature provides options to automatically (1) Delete response data outside of a specific time window and/or (2) Anonymize data outside of a specific time window. You can review your policy settings by heading to the Data retention policy page.

Finding your Data Retention Policy settings

Head to your Account page and select "Data retention policy," and then click to head into your policy settings — Delete responses and Anonymize responses.Delete Responses

This setting will automatically delete responses once outside of a time window that you specify.

Anonymize Responses

This setting will automatically anonymize responses (anonymizing name/email/phone number and any other personally identifiable information fields like IP addresses) once outside of a time window that you specify. We will only anonymize name, email, and phone number fields, so any other properties you pass our way will still be visible.

Setting options

You can set the time period for both deletion and anonymization settings. Once responses fall outside this time period, they will be either anonymized and/or deleted - depending on your settings. Let's take a look at the time periods that are supported:

  • Never
  • 1 month
  • 3 months
  • 6 months
  • 1 year
  • 2 years
  • 3 years

Other Notes

  • Changes are permanent, so please only adjust these settings if you're confident about deleting and/or anonymizing your data.
  • Charges are retroactive, so please be aware that any historical data outside of the time window you specify will immediately be impacted.
  • Policy updates will typically take 24 hours to go into effect.

Back to top

Logging in: Email Address, Passwords, SSO, and 2-step security

To help you train your team . . .

. . . we've placed an article—called the Delighted Security Briefing: User Security Training—in this section of the Help Center. There is a short orientation video and a brief article to guide your Limited, Standard, and fellow Admin users in how to set up the security needed to protect their projects.

Email address

You can change the email address associated with your Delighted account at any time by heading to the Account menu and choosing "Email address."

Password requirements

Passwords are the first line of defense for protecting your data. With that in mind, Delighted applies industry-leading password requirements to ensure your account and data always remain secure. 

Here are a few important details regarding Delighted passwords: 

  • Your password must include 10 characters or more.
  • You can also enable 2-factor authentication as a second level of security in your account (highly recommended—keep reading below!).
  • You will be locked out after multiple failed attempts to log in.
  • You can request a password reset from the login page by clicking “forgot password.”

Logging in with SSO

Delighted offers Google SSO as a method of authenticating and logging into your account. When Google SSO is enabled, users can sign into Delighted with their existing Google credentials—no separate username and password required.

If you're a new user, follow these steps to sign up with Google SSO:

Visit our Sign Up page.
Click on "Sign up with Google" or "Sign Up with Apple."
If already logged in, select your existing account. Otherwise, enter your credentials to log into your Google or Apple account.
Once authenticated, you'll be directed through the rest of the onboarding experience (starting with selecting a Survey Type).

If you're an existing user, log into your account and follow the below steps to connect with Google or Apple SSO:

From your Dashboard, click “Account” and then “Email address.”
Click on "Connect with Google" or "Connect with Apple.
If already logged in, select your existing account. Otherwise, enter your credentials to log into your Google or Apple account.
Once authenticated, you'll be redirected back to your Delighted account.

You can disconnect from Google or Apple SSO at any time from the same Account > Email address page.

2-step security (2-factor authentication)

Delighted's 2-step security feature adds an additional level of identity verification when signing into your account. This makes your account more secure by requiring both your password and possession of your mobile phone to sign in.

When 2-step security is turned on, you’ll be asked for a 4-digit security code when attempting to log in. That code will be sent to your mobile phone via text message. You'll also be prompted to set a handful of recovery questions in case you lose access to your phone, or are having trouble receiving the text messages.

To set up 2-step security in your account, follow the below steps:

From your Dashboard, click “Account” and then “2-step security.”
Click “Turn on 2-step security.”
Enter your recovery phone number.
Select and set answers the security questions.
Click “Send verification code” to complete the set-up.

If you run into any issues logging into your account, reach out to our Customer Concierge team and we'll help out right away.

Back to top

Signing out

To securely sign out of Delighted:

Click "Account."

Click "Sign out."

Back to top

Who can see my data?

Only you, and in rare cases, us.

We will only look at your data if necessary to provide requested support. Any access of that data will always be conducted on fully encrypted devices and within full accordance of our privacy and security policies. We do not share any customer data with outside parties under any circumstances.

To further protect your data, never send customer data in email attachments to our team. If you need help troubleshooting a specific file, please send us a note and we can provide next steps.

Back to top

What safeguards are in place to protect my data?

We maintain strict privacy and security policies to keep your data secure. The entire application is delivered with end-to-end encryption (SSL) to ensure your connection to our service is secure. The systems storing your data are carefully designed with multiple layers of security. For in-depth information about Delighted’s data protection practices, including disaster recovery, backups, encryption, and more, visit our security documentation.

What's more, our application is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system. Documents that provide more details about AWS security are available at AWS Whitepapers.

Back to top

Do you do anything with the emails or phone numbers I’ve added to Delighted?

Absolutely not.

We only send surveys to the people you’ve chosen, at the times you’ve chosen. No other emails or text messages are sent, and we do not share this data with outside parties under any circumstances.

Back to top

Still need help? Contact Us Contact Us