Data security and privacy.


Our application is built on a modern cloud infrastructure designed to ensure the safety of your data, and we’ve chosen proven third party cloud providers like AWS, who have a consistently excellent track record.

We’re not in the business of selling your data (anonymized or otherwise). You own your data and we will never sell it to third parties. We also won’t look at your data unless you give us permission for a support case.


Security features


Product security

Permissions
Global access roles allow admins to set permission levels for everyone in the workspace.
Secure passwords
Panelfox enforces a password complexity standard and credentials are stored using BCrypt with salts.
SSO via Google
Admins can instruct users to authenticate to Panelfox in one click using their Google account. They’ll never need to set a password with us to log in to their account or to sign up, even if they’re creating a new account.
Permanent deletion
Users can delete panelists, panelist data, studies and study data within Panelfox if they have the correct access rights.
High availability
We ensure high availability with automated and manual testing, statically typed languages, regular performance benchmarking, production logging and alerts, 24/7 on-call rotations, fast continuous deployments, and industry-standard cloud infrastructure.

Network and application security

Hosting and storage
Panelfox services and data are hosted in Amazon Web Services (AWS) facilities in the United States.
Encryption
Data is encrypted while moving between us and the browser with Transport Level Security (TLS). All SSL certificates are issued and managed through AWS, and we enable HTTP Strict Transport Security (HSTS).
Backups & monitoring
We use AWS RDS’ backup solution for datastores that contain customer data. On an application level, we store logs for all activity through Papertrail.
Incident response
Our engineering team has a 24 / 7 on-call rotation and escalation policy, with production alerts captured and automatically escalated.

Compliance

PCI DSS
All payments made to us go through our payments provider, Stripe. Details about their security setup and PCI compliance can be found on Stripe’s security page.