The Heartbleed Bug has been a troublesome headline in the news recently. We want to assure you that all servers used by the SurveyGold survey solution are running OpenSSL version 1.0.1g, the most current version of OpenSSL. As a result, our servers are not vulnerable to the Heartbleed Bug which has garnered so much worldwide attention today.

As a reflection of our commitment to protecting the data you entrust to our SurveyGold survey solution, all of our websites comply with PCI Security Standards. Rigorous PCI compliance scans are performed once every three months by a third party and the results of their findings are described in a SurveyGold PCI Compliance Attestation.
Here is a profile of buyer criteria for institutions considering SurveyGold.
Due Diligence
Statement on vendor reputation, maturity in cloud applications and independent third-party assessments of vendor safeguards and processes. Vendor’s right to change the terms of use at any time and in any way without the permission of the user and frequently without notifying the user.
Regarding vendor safeguards and processes, in November 2015 SurveyGold changed to the HostingSource.com web hosting service for our web services, which are critical to the online features of any SurveyGold application. HostingSource.com is located in Secaucus, New Jersey, USA. Their data center is HIPAA compliant and employs a parallel, redundant, multi-tiered network architecture. All data links provide Tier 1 bandwidth. Their privacy policy meets all standards as set forth by U.S. Department of Commerce regarding the collection, use, and retention of personal information. This ensures excellent performance, up-time and data protection.

Regarding our reputation, we have been serving a global customer base since 1999. We received a 9.5 out of 10 rating for three years in a row from the independent review site TopTenReviews and also have high ratings from CNET/Download.com where over 60,000 users have downloaded and used our SurveyGold application. We manage our support services proactively and have a high response rate to inquiries, with approximately 50% being responded to in one hour or less. To give you a lens into how widely used our SurveyGold application is, take a look at this representative sample of our customer list.

Regarding our right to change the terms at any time, we have gone on record regarding our view of the data ownership and sacred trust. Simply said, if we blow that promise, we blow our brand. Trust is an essential part of our brand promise. We also have published website notices specific to SurveyGold software, documents and links as well as general legal notices.

Exit Strategy
What is the exit strategy for disengaging from the vendor or service to fully delete all data from their service including distributed or back-up copies? How will we be able to recover our data from the vendor, especially in cases where the vendor shuts down?
The SurveyGold solution delivers the data to the SurveyGold application which records it in the SurveyGold database application...all of which reside on the survey author's computer. SurveyGold application users have access to this data forever, even if Golden Hills Software goes out of business. SurveyGold application licenses are perpetual, which means that they never expire, so you will never be locked out of the SurveyGold application. As part of normal practice, the SurveyGold application provides the ability to backup and restore the SurveyGold database using your own data storage solution (e.g., network folder, USB drive). So, the bottom line is that the SurveyGold solution puts you in possession of your data.

Proportionality of Safeguards and Encryption of Data
Vendor statement on: privileged user access, data location, data segregation, data ownership, recovery/data availability, return of data, change management, user provisioning and de-provisioning, personnel practices, incident response plans, and investigative/management support.
Statement on encryption. Transmission of data to the vendor site must be encrypted. The data must also be encrypted at the vendor.

Our Privacy Policy describes how we encrypt and secure all SurveyGold data. Refer to the topic entitled "How Do We Protect Your Information?". Our SurveyGold Online Services manage, process and track your SurveyGold data. These services are built upon the world-class data center operating environment of our web hosting partner, HostingSource.com. All of our servers are actively monitored and regularly scanned to be compliant with PCI Security Standards.

System Architecture
Please provide a system architectural diagram as to how your software works. For example, you mention the SurveyGold software on our computer. We need to know more details about any impact of your software on our computer devices and if it interacts with your cloud hosted app, etc.
SurveyGold Response

This conceptual diagram of the SurveyGold solution describes the relevant details:

SurveyGold application - (surveygold.exe) A Windows application that installs on the survey author's computer. It is a stand-alone application that uses HTTPS (Port 443) to interact with SurveyGold Online Services. SurveyGold interacts with Microsoft Word, if it is detected on the computer, for the purposes of publishing reports and producing surveys in Word format. There are no other interactions with the SurveyGold application except for the following:

SurveyGold database application - (rteng9.exe) Sybase SQL Anywhere (SSA) is the database application that installs as part of the SurveyGold setup program. SurveyGold employs SSA for the purposes of securely and efficiently managing and tracking survey data.

SurveyGold updater application - (update.exe) This application installs as part of the SurveyGold setup program. SurveyGold uses it to provide software updates.

SurveyGold online services - A set of online services employed by the SurveyGold application and accessible via surveygold.com (IP address: 206.72.194.40) and surveygoldcloud.com (IP address: 206.72.194.52) for the purposes of publishing web surveys, collecting responses, acquiring SurveyGold application updates and other online features.
In light of the recent news and uproar surrounding Instagram's updated terms of service describing their ability to sell photographs that are stored by users on their website, I thought it would be prudent and timely to remind you, our SurveyGold customers, of our position regarding the surveys and survey data that you collect, manage and track through the SurveyGold application and the surveygold.com, surveygoldplus.com and surveygoldcloud.com websites.
My intention in making this statement is not to stir up a hornet's nest of inquiry and suspicion. Rather, my intention is to assure our SurveyGold users around the world that we consider it a sacred trust to process and store your online surveys and survey response data. We will never, ever, ever violate that trust. This is the very foundation of our SurveyGold brand promise to you.

You've created an online survey form using SurveyGold. You've distributed it to your respondents and they are filling out the form in droves. Magically the online survey responses start flowing into your SurveyGold application. All seems well until a thought crosses your mind, "Are my online survey responses being processed securely?" It's a legitimate question and this article unpacks the details regarding the security of your SurveyGold online survey responses.

Overview: How Online Surveys Work

Before getting into the details of online survey security, it's probably a good idea to review just how your online survey responses are processed. The SurveyGold application is a workstation-based survey authoring and data collection solution. It provides the ability for you to create an online survey form that can be placed on your website or, more commonly, on a website available on our online service.

What the Respondent Does: When a respondent submits responses to your online survey form, those online survey responses are sent securely from the respondent's web browser across the Internet and recorded on the surveygold.com website.

What You Do: Later, when you perform the Update Activity action in your SurveyGold application, those online survey responses are moved securely from the surveygold.com website across the Internet to the SurveyGold application that resides on your computer.

When we say "online survey responses are sent securely" we mean it. Responses are sent across the Internet using Transport Layer Security (TLS), the leading Internet encryption technology.
A pictorial overview of online survey form processing is available here.

Why Our Online Service Processes Online Survey Responses

The SurveyGold Online Services platform on the Internet is the behind-the-scenes hub in our online survey processing solution. In contrast to the majority of other online survey solutions, one distinctive aspect of SurveyGold is that it delivers online survey responses to an application on your computer. Here is why our solution is designed this way:
Encrypted Online Survey Responses Have a Secure Stay on Our Online Service

Protecting the privacy of online survey responses submitted via our online service is our highest value. Our servers are actively tested by a third party for PCI compliance. Online survey responses are encrypted while they are stored on the surveygold.com website. Nothing is done with the responses other than staging them transiently while they await delivery to the SurveyGold application on your computer. As they are downloaded to your computer, they are moved to an archival location on our online service website to serve as a backup and to provide you the ability to share survey responses in real-time with other SurveyGold users via the Shared Responses feature.

No Questions, Only Responses are Recorded on Our Online Service

By the way, the online survey responses that are recorded on surveygold.com are completely encrypted when they come to rest and contain just one thing: responses. There is no contextual question data recorded on our online service. This is by design so that the only place that responses are correlated to their associated questions is when the responses are downloaded via the SurveyGold application to the survey author's computer. Your online survey responses reside in your SurveyGold application database (which is an encrypted file on your computer) after you have collected them into your SurveyGold application. After the responses are downloaded to your computer, they are moved to an archival location on our online service website to serve as a backup and to provide you the ability to share survey responses in real-time with other SurveyGold users via the Shared Responses feature.

The Final Word: Our Privacy Policy

Golden Hills Software is committed to integrity and honoring the implicit fiduciary trust that our global customer base has come to rely upon.
To that end, we have published a privacy policy which outlines how our website is run and how responses are managed and what specific measures we employ to protect response data across the entire SurveyGold solution (both the website and your application).
Chuck Boudreau

As the author of SurveyGold, it's my pleasure to serve and collaborate with the diverse community of SurveyGold survey authors, surveyors and respondents.