Security & Compliance

Your data never leaves
Salesforce.

SurveyVista is built on the Salesforce platform. SurveyVista data is stored in your Salesforce org, protected by Salesforce's infrastructure, and covered by the certifications you already approved.

security-banner-img

Security you already approved

When your organization approved Salesforce, it approved a platform that aligns with enterprise security standards such as SOC 2 Type II, ISO 27001, GDPR, and sector-specific controls. SurveyVista is built natively on Salesforce, so survey data stays inside your Salesforce org, protected by the same encryption, backup, access control, and monitoring framework your teams already trust.

lock
Data location

All survey and feedback data stored in your Salesforce instance. No external database. No third- party hosted storage. Your Salesforce, your data.

Encryption

Protected by Salesforce Shield Platform Encryption where configured. Data at rest and in transit uses the same encryption as your CRM data.

coverage
Compliance coverage

SOC 2 Type II · ISO 27001 · GDPR · CCPA · HIPAA (via Health Cloud). No separate SurveyVista certification required — Salesforce's certifications apply.

key
Access control

Salesforce profiles, permission sets, and field-level security apply automatically. No separate user management system. No additional credentials.

Security reviewed and assured by Salesforce

SurveyVista is listed on the Salesforce AppExchange and has completed Salesforce's security review process. AppExchange listings undergo regular vulnerability scanning and the review history is publicly visible on our AppExchange listing. This is the same review standard applied to every AppExchange application.

shield
Salesforce AppExchange Security Reviewed
star 4.96/5 · 222+ reviews
View our listing

Why external feedback tools create additional risk

The 2024 Verizon Data Breach Report found that 15% of breaches involved third-party software and integrations. Each external tool connected to Salesforce increases your attack surface in four specific ways:

  1. API credentials: keys and tokens stored in external systems and vendor environments
  2. Data in transit: customer data travelling between cloud environments
  3. Vendor audit requirements: separate annual security assessments for each tool
  4. Breach notifications: multiple notification processes across multiple vendors

Security FAQ

Does SurveyVista store data outside Salesforce?

No. All data collected through SurveyVista is stored in Salesforce objects within your Salesforce org. No data is stored on Ardira’s servers or any third-party infrastructure.

What compliance certifications apply to SurveyVista?

SurveyVista inherits Salesforce’s compliance certifications, including SOC 2 Type II, ISO 27001, and GDPR. Because all data is stored within Salesforce, no additional SurveyVista-specific certification is required.

Does SurveyVista require a separate vendor security assessment?

No. SurveyVista is native to Salesforce. Your existing Salesforce security approval covers SurveyVista. There is no additional vendor to assess.

Is SurveyVista GDPR compliant?

Yes. Data processed by SurveyVista is stored in Salesforce and subject to Salesforce’s GDPR data processing agreements. SurveyVista does not create an additional data controller or processor relationship.

What Salesforce security features does SurveyVista support?

SurveyVista fully supports Salesforce profiles, permission sets, field-level security, organisation-wide defaults, and Salesforce Shield where configured in your org.

Get Started with a Free Trial!

    Talk to Us