Privacy Policy
Privacy Policy for SurveyMotion.io
Last updated: July 2 2025
1. Who We Are
SurveyMotion, Inc. (“SurveyMotion,” “we,” “our,” or “us”) provides survey‑driven demand‑generation services for B2B companies. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit surveymotion.io, use our platform, or interact with us in any other way.
2. Information We Collect
| Category | Examples | Source |
| Account & Contact Data | Name, business email, phone, job title, company, password (hashed) | You or your employer |
| Survey Responses | Answers to marketing or product surveys, free‑text comments | You, public data providers, leads |
| Sales‑Qualified Lead (“SQL”) Data | Same as Survey Responses, plus firmographic data (industry, headcount, revenue) | You, public data providers |
| Usage Data | IP address, browser type, device ID, referral URL, pages viewed, interactions, timestamps | Automated via cookies, pixels, and server logs |
| Marketing Preferences | Opt‑in/opt‑out choices, email engagement | You |
| Payment & Billing Data | Billing contact, invoicing address, tax IDs, payment status (we use Stripe; we never store full card numbers) | You; payment processor |
| Support Records | Chat transcripts, tickets, call recordings (where permitted) | You; our support tools |
We do not knowingly collect data about children under 16.
3. Why We Use Personal Information
- Deliver the Service – authenticate users, run surveys, generate survey leads and route meeting leads.
- Improve & Secure the Platform – debug, monitor performance, develop new features, prevent fraud and abuse.
- Marketing & Thought Leadership – send product updates, whitepapers, or event invites if you’ve consented or we have a legitimate interest.
- Client Reporting – share aggregated or respondent‑level data (never passwords or payment info) with the specific client whose survey you answered.
- Business Operations & Compliance – accounting, audits, legal claims, enforcement of our Master Services Agreement (MSA), compliance with GDPR, CCPA, and other laws.
Legal bases (GDPR): (i) contract performance, (ii) legitimate interests, (iii) consent, (iv) legal obligation.
4. How & With Whom We Share Information
| Recipient | Purpose | Safeguards |
| Authorized Clients | Deliver qualified survey or meeting leads exactly as promised in the survey intro screen | B2B contract; DPA; leads limited to that client |
| Service Providers | Custom internal software and licensed SaaS | Strict data‑processing agreements; access least necessary |
| Professional Advisors | Legal, accounting, insurance | Confidentiality obligations |
| Business Transfers | Merger, acquisition, financing, or sale of assets | Notice + continued protection of data |
| Legal & Regulatory Authorities | Respond to lawful requests, enforce rights, prevent fraud | Verify request’s validity; minimize scope |
| Aggregated/Anonymized Reports | Benchmarking, trends | No individual can be identified |
We never sell personal information.
5. Cookies & Similar Technologies
- Strictly Necessary Cookies – session management, security.
- Analytics Cookies – product usage insights (e.g., Plausible Analytics, cookieless by default).
- Marketing Pixels – LinkedIn Insight Tag; disabled unless you accept marketing cookies.
Cookie banner lets you toggle non‑essential cookies. Do‑Not‑Track signals are honored where feasible.
6. Data Retention
- Active client data: retained for the contract term + 24 months.
- Marketing lists: until you opt out or 24 months of inactivity.
- Logs & backups: 30–180 days.
- Legal records: as required to meet statutory obligations.
We delete or anonymize data when the retention period ends, unless longer retention is required by law.
7. Your Rights
| Jurisdiction | Rights |
| GDPR (EEA/UK) | Access, rectification, erasure, restriction, portability, objection, lodge a complaint with a supervisory authority |
| CCPA/CPRA (California) | Know, delete, correct, opt‑out of “sharing” for cross‑context advertising, non‑discrimination |
| Other Regions | We extend comparable rights wherever legally required |
Submit requests to support@surveymotion.io with the subject line “Privacy Request”. We will verify your identity before acting.
8. International Data Transfers
We host data in the United States. When we transfer data from the EEA/UK or Switzerland, we rely on:
- Adequacy decisions (if applicable)
- Standard Contractual Clauses (SCCs) + supplementary measures
- Our SOC 2 Type II‑audited security program
9. Security Practices
We employ “reasonable security practices” aligned with ISO 27001 and SOC 2 standards:
- TLS 1.3 encryption in transit; AES‑256 at rest
- Passwords hashed with bcrypt and salted
- Role‑based access control, MFA‑enforced for all staff
- Principle of least privilege and quarterly access reviews
- Continuous vulnerability scanning; annual penetration tests
- 24×7 audit logging and anomaly detection
- Encrypted off‑site backups; tested disaster‑recovery plan
- Incident‑response playbooks with 72‑hour breach notice commitment (24 hours for EU/UK data)
No system is 100 % secure; you share information at your own risk.
10. Changes to This Policy
We update this Policy when needed.
Continued use of the Service after the effective date constitutes acceptance.
11. Contact Us
Email: support@surveymotion.io
Mail: Attn: Data Protection Officer, Survey Motion, LLC, 4079 Governor Drive, PMB 5046, San Diego, CA 92122 USA