A client has requested advice on a secure survey tool

Secure Survey Tools

Secure alternatives to commercial survey forms

Problem

A client is concerned about the current survey tool used by their organization and is requesting our advice on a secure, alternative survey tool.


Solution

Questions to understand the client’s context and needs:

  • Where are you based?
  • What survey tool are you currently using? Does this solution have any special feature you need?
  • Is the form sent via email or is it posted in a website or social media page?
  • Do you need to create complex surveys, or do you just need to make decisions on dates and on single questions?
  • Do you have your own server? Would you prefer an option hosted on your server or a third-party solution?
  • Is your main concern related to how the data is collected and transferred, or are you worried about how it is stored as well? Are you worried about privacy, data leakage, compliance with standards or norms?
  • Have you experienced any kind of attack related to the current survey mechanism? A suspicious message? An attempt to compromise accounts?
  • Is there any standard or regulation the organization must comply with (GDPR, PCI, HIPAA, etc.)?

  • LimeSurvey

    LimeSurvey is a fully featured open source survey tool. It can take some effort to learn to manage, but the official documentation is quite complete. It can be self-hosted, or surveys can be created on LimeSurvey’s own hosted platform by registering an account. When setting up a survey on LimeSurvey’s platform, users can choose to host it in Germany, Canada, the USA, Australia, or the United Kingdom.

    If the client owns a server and has the capacity to manage it, they can install and set up LimeSurvey on their own server. This is somewhat more complex to set up, but gives them full control over the data and how it is handled. Self-hosting also allows further security settings that can be useful: for example, the software can run inside a Docker container to isolate the instance, and results can be saved to an external upload directory.

Tools for simple polls

Commercial tools

NOTE Regarding other commercial tools, please explain to the client the implications of using a commercial service:

  • The data will be saved in a server owned by a third party who needs to comply with the authorities.
  • The implications for the data retention and privacy policy.
  • How the data is stored and handled (is it encrypted? Who has access to the data?).

  • Survey Monkey

    Using an online service like Survey Monkey is fine as long as the client is aware of the amount of trust they are placing in the provider. It is important to review the privacy and data retention policies. Overall, Survey Monkey is serious about privacy and does not sell data to third parties, but they still hold the data and will hand it over to the police if they receive a subpoena.

    In order to get information about how the data is stored and handled, recommend that the client check Survey Monkey’s security statement.

  • Google Forms

    If the client is using Google Forms, we should raise the same concerns as with any other commercial service: the risks of storing data on third-party servers, and the company’s obligation to hand over data when it receives an official request from the police or other authorities.

