Security and Privacy

In this article:


Suggested next article: Delighted Security Briefing: User Security Training

About protecting your data

Protecting your data is our top priority. We understand that you are trusting us with your data, and we take the responsibility of securing it extremely seriously. Please review our Terms of Service, as well as our other security and privacy documentation before using Delighted.

Train your team in Delighted's security protocols

To help you with your user training and organizational compliance, we've placed an article — called the Delighted Security Briefing: User Security Training — in the Help Center. There is a short orientation video and a brief article to guide your Limited, Standard, and Admin users.

  • The guide can be very helpful as users must set up many of the Delighted security systems for themselves. Even as an Admin, you can't do it for them! 

Back to top

Delighted security and privacy documentation

The below documentation offers details regarding Delighted’s security, privacy policies, and architecture.

The below documentation will provide most, if not all, of the information needed should your team requires a review of security procedures and architecture before purchasing.

Security overview Reviews key system architecture, fallout and disaster recovery, data storage and security, encryption and authentication details, and more
Privacy documentation Explains the type of information we collect from users and what we do with it (like personalize experiences and improve our customer service). Note that your data and transactions will not be sold, exchanged, transferred, or given to any other company
Terms of Service Details Delighted’s appropriate terms of use, as well as agreements regarding payment and renewal. Please read these Terms of Service carefully before using or the products or services offered by Delighted
GDPR Reviews our compliance with the European Union’s General Data Protection Regulation (GDPR)

If you have questions about any of the above documentation or require further security review, please reach out to our Customer Concierge team.

Back to top

Certifications: GDPR and CCPA

As a customer of Delighted, you are covered automatically by our Terms of Service and Privacy Policy. These address the core requirements of GDPR and CCPA, including sale of personal data, right to erasure of personal data, etc.

If you receive a CCPA request, your business can remain in compliance with CCPA by deleting contacts through:
  1. The People page and via manual deletions and/or
  2. via the API

GDPR compliance

To learn more about which Delighted features support our GDPR compliance, read our GDPR page

Back to top

Data retention policy

Delighted’s Data Retention Policy feature provides options to automatically 1) Delete response data outside of a specific time window and/or 2) Anonymize data outside of a specific time window. You can review your policy settings by heading to the Data retention policy page.

A few important footnotes
  • Changes are permanent, so please only adjust these settings if you're confident about deleting and/or anonymizing your data
  • Charges are retroactive, so be aware that historical data outside of the time window you specify will be immediately impacted
  • Policy updates will typically take 24 hours to go into effect

Finding your Data Retention Policy settings

Head to your Account page and select "Data retention policy," and then click to head into your policy settings — Delete responses and Anonymize responses.

Delete Responses

This setting will automatically delete responses outside of a time window that you specify.

Anonymize Responses

This setting will automatically anonymize responses (anonymizing name/email/phone number and any other personally identifiable information fields like IP addresses) once outside of a time window that you specify. We will only anonymize name, email, and phone number fields, so any other properties you pass our way will still be visible.

Setting options

You can set the time period for both deletion and anonymization settings. Once responses fall outside this time period, they will be either anonymized and/or deleted — depending on your settings. Let's take a look at the time periods that are supported:

  • Never
  • 1 month
  • 3 months
  • 6 months
  • 1 year
  • 2 years
  • 3 years

Back to top

Logging in: Email Address, Passwords, SSO, and 2-step security

Email address

You can change the email address associated with your Delighted account at any time by heading to the Account menu and choosing "Email address."

Password requirements

Passwords are the first line of defense for protecting your data. With that in mind, Delighted applies industry-leading password requirements to ensure your account and data always remain secure. 

Here are a four important details regarding Delighted passwords:

1 Your password must include 10 characters or more
2 You can also enable 2-factor authentication as a second level of security in your account (highly recommended — keep reading below!)
3 You will be locked out after multiple failed attempts to log in
4 You can request a password reset from the login page by clicking “forgot password”

Changing passwords

Delighted makes updating passwords a snap. The main caveat is that the password must be 10 characters or longer.  It's up to you to decide on the use of special characters, capitalization, and numbers in a new password. (Consider including upper and lower case letters, numbers, and special characters.)

To change your password:


Click "Account" → "Personal details"

Pick "Change password"
Enter your current password
Enter your new password. Click the blue eye to see what you’re typing!
Click "Save Changes"

Logging in with SSO

Delighted offers Google SSO as a method of authenticating and logging you into your account. When Google SSO is enabled, users can sign into Delighted with their existing Google credentials — no separate username and password required.

To connect Google or Apple SSO and log in with SSO thereafter:

From your Dashboard, click “Account” → “Personal details”
Click on "Connect with Google" or "Connect with Apple
If already logged in, select your existing account. Otherwise, enter your credentials to log into your Google or Apple account
Once authenticated, you'll be redirected back to your Delighted account
About disconnecting from SSO

You can disconnect from Google or Apple SSO at any time from the same "Account" → "Email" address page.

2-step security (2-factor authentication)

Delighted's 2-step security feature adds an additional level of identity verification. This makes your account more secure by requiring both your password and possession of your mobile phone to sign in.

When 2-step security is turned on, you’ll be asked for a 4-digit security code when attempting to log in. That code will be sent to your mobile phone via text message. You'll also be prompted to set a handful of recovery questions in case you lose access to your phone, or are having trouble receiving the text messages.

To set up 2-step security, follow the below steps:

From your Dashboard, click “Account” → “2-step security”
Click “Turn on 2-step security”
Enter your recovery phone number
Select and set answers to the security questions
Click “Send verification code” to complete the set-up

If you run into any issues logging into your account, reach out to our Customer Concierge team and we'll help out right away.

Back to top

Signing out

To securely sign out of Delighted:

Click "Account"
Click "Sign out"

Back to top

Who can see my data?

Only you, and in rare cases, us.

We will only look at your data if necessary to provide requested support. Any access of that data will always be conducted on fully encrypted devices and within full accordance of our privacy and security policies. We do not share any customer data with outside parties under any circumstances.

To further protect your data, never send customer data in email attachments to our team. If you need help troubleshooting a specific file, please send us a note and we can provide next steps.

Back to top

What safeguards are in place to protect my data?

We maintain strict privacy and security policies to keep your data secure. The entire application is delivered with end-to-end encryption (SSL) to ensure your connection to our service is secure. The systems storing your data are carefully designed with multiple layers of security. For in-depth information about Delighted’s data protection practices, including disaster recovery, backups, and encryption visit our security documentation.

Our application is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system. Documents that provide more details about AWS security are available at AWS Whitepapers.

Back to top

Do you do anything with the emails or phone numbers I’ve added to Delighted?

Absolutely not.

We only send surveys to the people you’ve chosen, at the times you’ve chosen. No other emails or text messages are sent, and we do not share this data with outside parties under any circumstances.

Back to top

Still need help? Contact Us Contact Us