We take data security and confidentiality very seriously. Survey Solutions is designed to only allow access to survey data by authorized users, and users only access data appropriate to their role in the survey team hierarchy.
If you have encountered a potential security vulnerability in Survey Solutions, please report it to us at support@mysurvey.solutions. We will work with you to verify the vulnerability and fix it.
When reporting issues, please provide the following information:
- Component(s) and version affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact
We request that you contact us via the email address above and give the project contributors and the user community time to resolve the vulnerability and upgrade prior to any public exposure. Security issues always get higher priority than bug fixes or feature development.
If the reported security vulnerability is verified, we will:
-
Fix the affected component(s) on the latest release branch.
-
Publish new version of the Windows Installer, Docker Hub Image, and the Tester Android App.
-
Immediately deploy the new version of the Designer app.
-
Update public and personal demo instances of the Headquarters app.
-
A security advisory will be published detailing the vulnerability, as well as recommendations for end-users to protect themselves.
-
Publish notices on the Survey Solutions website as well as on the user forum advising users to upgrade.