Security and Privacy
In this article:
- About protecting your data.
- Delighted security and privacy documentation.
- Certifications: GDPR and CCPA.
- Data retention policy.
- Logging in: Email Address, Passwords, SSO, and 2-step security.
- Signing out.
- Who can see my data?
- What safeguards are in place to protect my data?
- Do you do anything with the emails or phone numbers I've added to Delighted?
About protecting your data
Protecting your data is our top priority. We understand that you are trusting us with your data, and we take the responsibility of securing it extremely seriously. Please review our Terms of Service, as well as our other security and privacy documentation, before using Delighted.
Train your team in Delighted's security protocols
To help you with your user training and organizational compliance, we've placed an article — called the Delighted Security Briefing: User Security Training — in the Help Center. There is a short orientation video and a brief article to guide your Limited, Standard, and Admin users.
- The guide can be very helpful as users must set up many of the Delighted security systems for themselves. Even as an Admin, you can't do it for them!
Delighted security and privacy documentation
The documentation below will provide most, if not all, of the information needed should your team require a review of security procedures and architecture before purchasing.
- Reviews key system architecture, fallout and disaster recovery, data storage and security, encryption and authentication details, and more
- Explains the type of information we collect from users and what we do with it (like personalize experiences and improve our customer service). Note that your data and transactions will not be sold, exchanged, transferred, or given to any other company
- Terms of Service
- Reviews our compliance with the European Union’s General Data Protection Regulation (GDPR)
If you have questions about any of the above documentation or require further security review, please reach out to our Customer Concierge team.
Certifications: GDPR and CCPA
If you receive a CCPA request, your business can remain in compliance with CCPA by deleting contacts through:
- The People page, via manual deletions, and/or
- The API: https://app.delighted.com/docs/api/deleting-people
To learn more about which Delighted features support our GDPR compliance, read our GDPR page.
Data retention policy
Delighted’s Data Retention Policy feature provides options to automatically 1) Delete response data outside of a specific time window and/or 2) Anonymize data outside of a specific time window. You can review your policy settings by heading to the Data retention policy page.
A few important footnotes
- Changes are permanent, so please only adjust these settings if you're confident about deleting and/or anonymizing your data.
- Changes are retroactive, so be aware that historical data outside of the time window you specify will be immediately impacted.
- Policy updates will typically take 24 hours to go into effect.
Finding your Data Retention Policy settings
Head to your Account page and select "Data retention policy," and then click to head into your policy settings — Delete responses and Anonymize responses.
This setting will automatically delete responses outside of a time window that you specify.
This setting will automatically anonymize responses (anonymizing name/email/phone number and any other personally identifiable information fields like IP addresses) once outside of a time window that you specify. We will only anonymize name, email, and phone number fields, so any other properties you pass our way will still be visible.
You can set the time period for both deletion and anonymization settings. Once responses fall outside this time period, they will be anonymized and/or deleted, depending on your settings. The following time periods are supported:
- 1 month
- 3 months
- 6 months
- 1 year
- 2 years
- 3 years
Logging in: Email Address, Passwords, SSO, and 2-step security
You can change the email address associated with your Delighted account at any time by heading to the Account menu and choosing "Email address."
Passwords are the first line of defense for protecting your data. With that in mind, Delighted applies industry-leading password requirements to ensure your account and data always remain secure.
Here are four important details regarding Delighted passwords:
- Your password must include 10 characters or more
- You can also enable 2-factor authentication as a second level of security in your account (highly recommended — keep reading below!)
- You will be locked out after multiple failed attempts to log in
- You can request a password reset from the login page by clicking “forgot password”
Delighted makes updating passwords a snap. The main caveat is that the password must be 10 characters or longer. It's up to you to decide on the use of special characters, capitalization, and numbers in a new password. (Consider including upper and lower case letters, numbers, and special characters.)
To change your password:
- Click "Account" → "Personal details"
- Pick "Change password"
- Enter your current password
- Enter your new password. Click the blue eye to see what you’re typing!
- Click "Save Changes"
Logging in with SSO
Delighted offers Google SSO as a method of authenticating and logging you into your account. When Google SSO is enabled, users can sign into Delighted with their existing Google credentials — no separate username and password required.
To connect Google or Apple SSO and log in with SSO thereafter:
- From your Dashboard, click “Account” → “Personal details”
- Click on "Connect with Google" or "Connect with Apple"
- If already logged in, select your existing account. Otherwise, enter your credentials to log into your Google or Apple account
- Once authenticated, you'll be redirected back to your Delighted account
About disconnecting from SSO
You can disconnect from Google or Apple SSO at any time from the same "Account" → "Email address" page.
2-step security (2-factor authentication)
Delighted's 2-step security feature adds an additional level of identity verification. This makes your account more secure by requiring both your password and possession of your mobile phone to sign in.
When 2-step security is turned on, you’ll be asked for a 4-digit security code when attempting to log in. That code will be sent to your mobile phone via text message. You'll also be prompted to set a handful of recovery questions in case you lose access to your phone, or are having trouble receiving the text messages.
To set up 2-step security, follow the below steps:
- From your Dashboard, click “Account” → “2-step security”
- Click “Turn on 2-step security”
- Enter your recovery phone number
- Select and set answers to the security questions
- Click “Send verification code” to complete the set-up
If you run into any issues logging into your account, reach out to our Customer Concierge team and we'll help out right away.
Signing out
To securely sign out of Delighted:
- Click "Account"
- Click "Sign out"
Who can see my data?
Only you, and in rare cases, us.
We will only look at your data if necessary to provide requested support. Any access to that data will always be conducted on fully encrypted devices and in full accordance with our privacy and security policies. We do not share any customer data with outside parties under any circumstances.
To further protect your data, never send customer data in email attachments to our team. If you need help troubleshooting a specific file, please send us a note and we can provide next steps.
What safeguards are in place to protect my data?
We maintain strict privacy and security policies to keep your data secure. The entire application is delivered with end-to-end encryption (SSL) to ensure your connection to our service is secure. The systems storing your data are carefully designed with multiple layers of security. For in-depth information about Delighted’s data protection practices, including disaster recovery, backups, and encryption, visit our security documentation.
Our application is hosted and managed within Amazon Web Services (AWS) secure data centers. These data centers have been accredited under:
- ISO 27001
- SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 - Type II)
- PCI Level 1
- FISMA Moderate
- Sarbanes-Oxley (SOX)
We make extensive use of the capabilities and services provided by AWS to increase privacy and control network access throughout our system. Documents that provide more details about AWS security are available at AWS Whitepapers.
Do you do anything with the emails or phone numbers I’ve added to Delighted?
We only send surveys to the people you’ve chosen, at the times you’ve chosen. No other emails or text messages are sent, and we do not share this data with outside parties under any circumstances.