We are very concerned about security. Your survey/response data is stored in a separate database with a separate username/password for each LimeSurvey Cloud instance. The connection of your browser to our servers is also encrypted using SSL. The data inside LimeSurvey is by default not encrypted because it is regularly accessed by the LimeSurvey application (it is not at rest); however, you can configure responses to certain question types to be always encrypted at rest. Moreover, for participant data, you can select certain fields to be always encrypted. Furthermore, we create daily backups of your LimeSurvey data. That data is at rest and encrypted, stored safely on a different drive, but at the same hosting location.
Is my survey data in LimeSurvey Cloud encrypted?
Do you have a survey policy template available that is shown to the user before answering to the survey?
We do not offer a template for that. The data protection policy/law is very different for each country and also the type of data your collecting in our survey(s) has a big influence on how the policy should look like and what is allowed/required. Please contact your data protection officer or a lawyer to find out how such a policy should look like for your specific survey(s).
Is it possible to show a survey policy that participants must agree to before they participate in the survey?
Yes. In LimeSurvey Cloud, you can insert a survey policy in the survey settings and require the user to agree to that by checking a box.
Do I need to show a Cookie Consent form inside LimeSurvey?
It is not necessary to show a Cookie consent form. Here is a related excerpt from the EU commission website The EU Internet Handbook: Consent is not required if the cookie is: used for the sole purpose of carrying out the transmission of a communication, and strictly necessary in order for the provider of an information society service explicitly required by the user to provide that service. Cookies clearly exempt from consent according to the EU advisory body on data protection- WP29 include:user‑input cookies (session-id) such as first‑party cookies to keep track of the user's input when filling online forms, shopping carts, etc., for the duration of a session or persistent cookies limited to a few hours in some cases LimeSurvey is clearly covered by this case – without a cookie, it would not be possible to run a normal online survey safely that spreads over several pages.
I would like to establish a EU General Data Protection Regulation (GDPR) contract/agreement with you. Is that possible?
Yes. We offer on online contracting tool where you can quickly create the necessary contract with a few clicks yourself and download the resulting contract as PDF - the resulting document is already signed by us.You can find the tool here: In your LimeSurvey website profile click on the menu entry GDPR agreements in the left menu.
I am from Europe and/or would like to survey European participants. Is your LimeSurvey Cloud service compatible with the GDPR?
Yes, we are generally GDPR compatible. To be compatible with the GDPR & EU law we strongly recommend selecting our German server as server location as it is the only server location where we can guarantee full EU GDPR compliance for the future. Our other locations benefit from our belief in strong privacy, but local legislation may contradict the GDPR and void the GDPR compatibility.
Where and how is my survey data hosted/stored?
If you are using our LimeSurvey Cloud hosting: When creating your LimeSurvey Cloud instance, you will be asked for the server location, where we will host your data. Currently, we offer the following hosting locations: Germany (recommended for EU customers) Finland (recommended for EU customers) United Kingdom USA Canada Australia After selecting a location, we will store your data exclusively on a server in that country. If you are using our LimeSurvey Community Edition: In that case, all your data is stored on your or your provider’s server (usually the one where you installed LimeSurvey).