Privacy Policy

The data controller for personal data collected on the CraftMySurvey platform is:

In the course of using our service, we collect different categories of data:

2.1 Survey creators

• First and last name
• Email address
• Password (bcrypt hash)
• Organization information (name, logo)
• Billing data (via Stripe, no banking storage)
• Stripe customer ID
• History of created surveys
• Configuration preferences

2.2 Survey respondents

• Email (optional depending on survey settings)
• Anonymized IP address (first 3 bytes kept)
• Session identifier (UUID)
• Answers to questions
• Participation duration
• Technical metadata (device, approximate location if provided)

2.3 Technical data

• Session cookies for authentication
• CSRF tokens
• Error logs
• Anonymized usage statistics

• Account management: creation, authentication, profile
• Service provision: survey creation and management, response collection
• Statistical analysis: reports and insights
• Billing: subscriptions and payments via Stripe
• Customer support: requests and tickets
• Service improvement: performance and optimization
• Security: fraud and abuse prevention
• Communication: transactional emails and notifications

• Contract performance
• Consent for collecting responses
• Legitimate interest for improvement and security
• Legal obligation for billing

• User accounts: duration of use + 3 years
• Survey data: according to settings, maximum 5 years
• Anonymous responses: unlimited duration for statistics
• Billing data: 10 years
• Technical logs: 1 year max
• Session cookies: session duration (120 min of inactivity)

• Stripe: payment processing
• Hosting: technical infrastructure
• Communication: transactional emails
• Competent authorities: upon legal request
• Survey creators: access to their survey responses

We do not sell, rent or share your data for commercial purposes.

Transfers outside the EU may occur if necessary. We ensure:

• European Commission adequacy decision
• Standard contractual clauses
• Appropriate safeguards compliant with the GDPR

• Password hashing with bcrypt (12 rounds)
• CSRF protection
• IP anonymization
• Mandatory HTTPS
• Brute-force protection
• Regular encrypted backups
• Least privilege access
• Monitoring and logging of access

• Access
• Rectification
• Erasure
• Restriction
• Portability
• Objection
• Withdrawal of consent at any time

Exercise your rights at: [email protected]

Our site uses:

• Essential cookies: operation, security
• Session cookies: keep you logged in
• Preference cookies: language, configuration

These cookies are strictly necessary and do not require consent. No advertising or third-party tracking cookies.

The service is not intended for individuals under 16. If a minor has provided us with data, please contact us.

This policy may be updated. Significant changes will be notified by email to registered users. The date of last update appears at the top of this document.

For any questions:

You may file a complaint with the CNIL:

CraftMySurvey complies with the GDPR (EU Regulation 2016/679) and the French Data Protection Act. Principles applied: Privacy by Design and Privacy by Default.