Security and Privacy


GDPR Compliance

QuestionPro is fully compliant with the General Data Protection Regulation (GDPR), and our survey software users can create and send GDPR-compliant data collection surveys. To aid this, we have put in place a sophisticated process to ensure all data collected using our platform is fully GDPR compliant, including data portability, data protection, consent and other compliance features.


ISO 27001:2013 Certified Company

QuestionPro is an ISO 27001:2013 certified company. ISO 27001 is a globally recognized international standard for managing risks to the security of the information you hold. We meet the full set of standardized requirements for an Information Security Management System (ISMS). Under these standards, we adopt a process-based approach for establishing, implementing, operating, monitoring, maintaining, and improving your ISMS.


CCPA Compliance

The California Consumer Privacy Act (CCPA) is supposed to go into effect from January 1, 2020. QuestionPro has assessed compliance readiness against CCPA requirements through a comprehensive/interactive assessment. We have a solid action plan in place to address the gaps, and we are working on building a consensus to implement a program that includes gap & risk analysis, industry benchmarking, and resource plans. We aim to become fully CCPA compliant by the end of December 2019.


PCI-DSS Compliant

QuestionPro Inc. is compliant with the Payment Card Industry’s Data Security Standards (PCI-DSS). Launched in 2006, the Payment Card Industry Security Standards Council has put forth a series of regulations for merchants to follow in safely accepting, storing, processing, and transmitting customer credit card data. We at QuestionPro adhere to all these set standards to ensure the complete protection of our clients against possible data breaches.


Section 508 Compliance

Surveys created through QuestionPro are Section 508 (US Federal Accessibility Guidelines) compliant. Online surveys, questionnaires or polls created on our platform can be accessed, read and acted on by differently abled personnel. Through this compliance, QuestionPro demonstrates its commitment to being all-inclusive.


Family Educational Rights and Privacy Act (FERPA)

QuestionPro is committed to staying compliant with the Family Educational Rights and Privacy Act. We ensure all our clients are following the same code of conduct. Apart from including contractual protections in the service agreement, we follow strict administrative and technology protocols to ensure adherence with the FERPA guidelines. To know more about the latest happenings in FERPA, visit


QuestionPro Privacy Policy

All data is accessed and owned by the survey creator, who must provide a username and password. The privacy policy also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal information.


Security Overview

QuestionPro Security PDF

At QuestionPro, security is our top priority. We've gone to great lengths to adhere to the highest standards of internet security. For a more detailed outline of our robust security measures, please download the Security PDF.

SOC 2 certification

SOC 2 Data Centers

QuestionPro-owned and managed servers are co-located at off-site data centers. These facilities undergo periodic SOC 2 audits and are monitored for unauthorized access and service availability twenty-four hours a day. These ongoing audits, conducted by an independent accounting firm, signify that the data center security and operational procedures have been reviewed and tested to validate that controls and processes have been suitably designed and are operating effectively, in addition to protecting and safeguarding customers' equipment and data.


HIPAA Compliance

QuestionPro is Health Insurance Portability and Accountability Act (HIPAA) compliant, and all individual data that is collected in the form of online surveys is protected. We have physical, network and process security measures to collect patient health information (PHI). Administering HIPAA-compliant surveys helps organizations that use the QuestionPro online survey tool to manage their research while being mindful of PHI collected.


University Institutional Review Boards

University Institutional Review Boards (IRBs) need to approve both the survey tool and the researcher independently. Surveys from QuestionPro have been approved by IRBs for research by over 1000 universities, in the United States and worldwide. This compliance helps students and researchers alike in universities conduct in-depth studies on the QuestionPro online survey tool and collect compliant data. Some of the largest universities we work with are:

  • University of Tennessee
  • University of Texas
  • Robert Morris University
  • And 1000+ more universities

Federalwide Assurance Number

Verify Our FWA (search under "QuestionPro")

The Federalwide Assurance (FWA) number is assigned by the United States Department of Health and Human Services, Office of Human Research Protections (OHRP). QuestionPro provides its customers an institutional Federalwide Assurance, which ensures that any online surveys conducted using the platform protect the interests and data of human subjects.


Respondent Anonymity Assurance Program

Respondent Anonymity Assurance
Track Respondents
Send Reminders
Anti-Ballot Box Stuffing Capability
QuestionPro offers a unique guarantee to survey researchers to protect the privacy and confidentiality of the respondents.


COVID-19 & Pandemic BCP Considerations

QuestionPro is a global company with employees in remote locations: India, Dubai, Germany, Mexico and the US. With tools and systems in place for remote working and a completely digital presence, our plan ensures that all business-critical functions of the organization are fully operational, allowing us to serve our customers without delay. For more information view our business continuity plan above.