Security at SeekWhy

Application Security

• Secure development lifecycle with code reviews
• Regular penetration testing and vulnerability assessments
• Web Application Firewall (WAF) protection
• DDoS mitigation and rate limiting
• Content Security Policy (CSP) headers
• SQL injection and XSS prevention

Data Protection

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for data at rest
• Secure key management with regular rotation
• Automatic daily backups with point-in-time recovery
• Data retention policies with secure deletion
• No storage of payment card data (handled by Stripe)

Access & Authentication

• Secure password hashing with bcrypt
• Multi-factor authentication (MFA) support
• Single Sign-On (SSO) for enterprise plans
• Session management with secure tokens
• Role-based access control (RBAC)
• Comprehensive audit logging

Infrastructure Security

• Hosted on SOC 2 Type II certified cloud providers
• Network isolation and firewall protection
• Intrusion detection and prevention systems
• 24/7 infrastructure monitoring
• Automated security patching
• Geographic redundancy and failover

Respondent Privacy Features

SeekWhy provides multiple layers of privacy protection for survey respondents:

• True anonymous mode - no PII stored with responses
• Segment suppression hides small groups (configurable threshold)
• AI text anonymization rewrites responses to remove identifying patterns
• Respondents can preview anonymized text before submitting
• Clear privacy banners inform respondents of protection level

Incident Response

We maintain a documented incident response plan. In the event of a security incident, we will notify affected customers promptly and take immediate action to mitigate impact. We conduct post-incident reviews to prevent recurrence.