ENTERPRISE EARLY ACCESS: Currently only available to some customers on Enterprise. If you're interested, contact sales. If you already have an Enterprise account, contact your Customer Success Manager (CSM).
If you are a HIPAA “covered entity” (as defined by HIPAA) then make your way to our HIPAA Compliance and SurveyMonkey page for more information on how you can collect and manage Protected Health Information through surveys in a manner compliant with HIPAA.
If you are using SurveyMonkey to collect personal data (generally any information that can be linked to a specific individual, such as an individual’s name and/or contact details combined with sensitive information about that individual received), the Enhanced Sensitive Data Protection (ESDP) feature offers additional security benefits when using SurveyMonkey.
| Feature | Action to keep data secure |
| Security reminders | We remind users with in-product messages that appear whenever they perform certain operations, such as exporting survey data that could potentially be shared with third parties. |
| Automatic logoff | We timeout user sessions after 30 minutes of inactivity. |
| Account safeguarding | We implement faster removal of data when an account is deleted. |
[Enterprise only feature] If you're interested in adding ESDP to your account, contact your Customer Success Manager (CSM) directly. This feature is currently only available to customers in Europe, the Middle East and Africa.
Review the common questions below to understand how downgrades work for ESDP-enabled accounts.
Once you enable Enhanced Sensitive Data Protection on your account or team, follow these best practices when performing certain actions to help ensure that you're handling your data responsibly and securely.
Action | Security Tips |
| Exporting survey results | If you download survey results to your own computer, please make sure that those downloaded files are handled appropriately. We suggest that you secure those files by encrypting them and only transferring them under an encrypted connection. |
| Sharing surveys with others | When you share a survey, the people you choose to share it with will have access to view and possibly edit the survey, or access any collected survey responses. Remember to only share surveys with people who are authorized to work on that survey. |
| Transferring a survey to another account | If you must transfer a survey to a different SurveyMonkey account, make sure that you are absolutely certain that the receiving account is the one you intend to send it to. To transfer a survey, you must enter the exact username of that account. The transfer process cannot be undone without action by the receiving account holder. If your survey contains sensitive data, it is your responsibility to ensure that such information is only disclosed to an appropriate recipient. This means that if you transfer this data to another account, it is crucial that account is also ESDP-enabled. |
| Collecting responses | We recommend that you use a Web Link Collector. We do not recommend the use of an Email Invitation Collector. Email Invitation Collectors email survey invitations to contacts with a unique survey link tied to a contact's email address. If respondents are able to edit their responses, a contact of an email invitation could complete all or part of a survey and forward their unique survey link to someone else. This would allow the second contact to view the first contact’s responses, which may contain sensitive data. |
| Sharing survey results | Your survey results may contain sensitive data, so remember to only share survey results to authorized recipients. |