Your privacy matters

Privacy Policy

How we collect, use, and protect your personal information in accordance with Canadian privacy law.

Effective March 1, 2026

Introduction

Surveh (“we,” “our,” or “us”) operates a survey creation and response-collection platform for businesses, researchers, and individuals. This Privacy Policy describes the personal information we collect through the Surveh website, dashboard, and public survey forms (collectively, the “Services”), how we use and disclose that information, and the choices available to you.

We are committed to handling personal information in compliance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and any applicable provincial privacy legislation.

Information We Collect

Information you provide

When you create an account, build a survey, or contact us, you may provide information such as your name, email address, company name, password, and billing details. If you subscribe to a paid plan, payment card information is collected and processed by our payment processor, Stripe, and is not stored on our servers.

When a respondent completes a survey you have created, the responses they submit are stored on your behalf. You, as the survey creator, are responsible for ensuring that you have obtained any required consent from your respondents before collecting their information through the Services.

Information collected automatically

When you visit the Surveh website or use the platform, we automatically collect certain technical information. This may include a truncated version of your IP address, browser type and version, operating system, referring URL, pages viewed, and the date and time of your visit. We collect this information through server logs, cookies, and similar technologies as described in our Cookie Policy.

How We Use Your Information

We use personal information for the purposes for which it was collected, including to provide and maintain the Services, process subscription payments, authenticate your identity through your account, respond to support requests, send transactional communications (such as password resets and billing receipts), and improve the reliability and performance of the platform.

Where you have provided consent, we may also use analytics tools to understand how our platform is used and advertising technologies to measure the effectiveness of our marketing campaigns. You can withdraw consent for analytics and advertising at any time through the cookie preferences panel on our website.

Data Storage and Canadian Infrastructure

Core customer data, including survey responses, account records, and form configurations, is stored in Canadian infrastructure. Our primary database is hosted by Supabase on Amazon Web Services in the Canada Central (Montreal) region.

To operate the Services, we also rely on a number of subprocessors, some of which process limited personal information outside of Canada. Personal information transferred to other jurisdictions, including the United States and the European Union, may be subject to the laws of those jurisdictions, including lawful access by courts, law enforcement, or other governmental authorities. We use contractual safeguards and apply data-minimization practices for each cross-border transfer.

Subprocessors

The following providers help us deliver the Services. Depending on your usage and consent choices, personal information may be processed by:

Provider | Purpose | Primary Region
Supabase | Application database and storage | Canada (Montreal)
Clerk | Authentication and account access | United States
Stripe | Payments and billing | United States
Vercel | Hosting, edge routing, and optional analytics | Global (including US)
PostHog | Product analytics (consent-gated) | European Union
Meta | Advertising attribution (consent-gated) | United States

This list may change as we update the infrastructure that supports the Services. We will revise this policy when changes are material.

Disclosure of Personal Information

We do not sell personal information. We may disclose personal information to our subprocessors as described above, and in the following limited circumstances: in response to a valid legal process or government request where we reasonably believe disclosure is required by law; to protect the safety, rights, or property of Surveh, our users, or the public; in connection with a merger, acquisition, or sale of all or a portion of our assets, provided the acquiring entity agrees to honour the commitments in this policy; or with your explicit consent.

Data Retention

We retain personal information only for as long as necessary to fulfil the purposes described in this policy, to satisfy our contractual obligations, and to comply with legal requirements. Specific retention periods include:

  • Survey response metadata (IP address, user agent): automatically removed after 90 days.
  • Audit event records: retained for up to two years.
  • Consent event records: retained for up to seven years as compliance evidence.
  • Account data: retained while your account is active and deleted upon request, subject to any legal hold obligations.

Your Rights Under Canadian Privacy Law

Under PIPEDA and applicable provincial legislation, you have the right to access the personal information we hold about you, to request correction of inaccurate information, to withdraw consent for the collection, use, or disclosure of your personal information (subject to legal or contractual restrictions), to request deletion of your account and associated data, to receive a machine-readable export of your personal information, and to file a complaint about our privacy practices.

You may exercise any of these rights by contacting us at privacy@surveh.ca. We aim to respond to all requests within 30 days, and will notify you if we need additional time or are unable to fulfil a request in whole or in part.

Security

We implement technical and organizational safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS) and at rest, role-based access controls with the principle of least privilege, regular review of access logs, and dependency monitoring for known vulnerabilities.

No method of transmission or storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

PIPEDA Compliance

Surveh has designated Brian Stever (Founder) as Privacy Officer, who is accountable for our compliance with PIPEDA. We identify the purposes for which information is collected before or at the time of collection, obtain meaningful consent, limit collection to what is necessary, and do not use or disclose information for purposes beyond those identified without additional consent. For a detailed overview of how we address each of PIPEDA's ten fair information principles, please see our PIPEDA Compliance Guide.

Children's Privacy

The Services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without appropriate parental consent, we will take steps to delete that information promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify you by email or through the Services. Your continued use of the Services after a change takes effect constitutes acceptance of the revised policy.


Contact

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact the Surveh Privacy Office:

Email: privacy@surveh.ca

Mailing address: Brian Stever, 1402-1581 South Park St, Halifax, Nova Scotia B3J 0H1

If you are not satisfied with our response, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada.