Regulated and controlled environments

Evaluate the survey workflow against your organisation's controls

Map identity, data access, approvals, audit, retention, hosting and incident requirements before deployment, and preserve the evidence needed for ongoing review.

A secure, governed enterprise environment

For teams whose procurement starts with a security questionnaire, the useful question is not "is it secure?" but "can we evaluate it against our controls, and keep the evidence?". FlexiSurvey is built so the controls a reviewer asks about, identity, data access, approvals, audit, retention, hosting and incident response, are live features that map onto questionnaire items rather than promises in a policy document.

The security architecture and assurance status live on Trust & Security, kept current in one place. This page is about the review and implementation: the assurance pack we provide, the operating model you configure, and an honest account of deployment and data location. Production runs on AWS in the United States (us-east-1), a single region, with encrypted automated backups and point-in-time recovery; a sovereign on-premise deployment is available for Enterprise. We state the regions and subprocessors plainly rather than substituting general sovereignty language for concrete facts.

Who this is for

  • Financial services and insurance teams handling sensitive customer feedback
  • Organisations in regulated sectors with strict data-protection obligations
  • Government and public bodies with strict data-handling requirements
  • Enterprises whose procurement process starts with a security questionnaire

The pain we solve

If any of these sound familiar, FlexiSurvey was built with your team in mind.

Access control that does not match your org chart

Most survey platforms stop at admin and user. Your organisation has programme managers, analysts, regional leads and external partners, each needing a different scope.

Shared tables, shaky isolation

Multi-tenant SaaS often relies on a single WHERE clause to keep your data separate from the next customer's. One bug away from a breach.

PII handled like any other column

Customer emails, respondent names and phone numbers stored in plain text, visible to every support engineer, is not defensible in a serious audit.

No real audit trail

When the auditor asks who changed what and when, login logs and good intentions are not going to be enough.

How FlexiSurvey fits

Capabilities we lean on hardest for this kind of work.

Support the review process

We provide a structured assurance pack: a security architecture overview, current control and assurance status, a data-flow and subprocessor list, an encryption and key-management summary, an access-control and support-access policy, backup, recovery and incident procedures, data-retention and deletion options, DPA and contractual documentation, and accessibility and penetration-test status where available.

An assurance pack: architecture, controls, data flow and policies

Configure the operating model

Set the operating model your controls require: SSO and authentication policy, roles and scoped permissions, an organisational hierarchy and segregation, approval gates before publishing, audit retention, and integration keys with network restrictions such as IP allow-listing.

Operating model, SSO, roles, approvals and network controls

Protect data with built-in controls

Tenant records are protected by application checks and database row-level policies, data is encrypted in transit and at rest with AWS-managed storage encryption, and every privileged action is recorded in an audit trail. The architecture and assurance evidence behind these controls are on Trust & Security.

Database isolation, encrypted storage and an audit trail

Be explicit about deployment and data location

Production runs on AWS in the United States (us-east-1), a single region, with encrypted automated backups and point-in-time recovery. A sovereign on-premise deployment is available for Enterprise. We state the available regions, backups and subprocessors plainly, including any residency limitations, rather than implying options that do not exist.

Deployment and data-location facts: region, backups, subprocessors

Typical outcomes

What teams like yours usually report in the first few months.

Answers you can verify

Security-questionnaire items map onto live, inspectable platform features rather than policy promises.

Lower blast radius

Row-level isolation, encrypted storage and the audit log mean a single bug or stolen token does not compromise everything.

Audit-ready by default

Control monitoring runs continuously and the evidence is generated as you operate, not assembled before an external review.

Related capabilities

Want to go deeper on any of these? Jump straight to the feature page.

Send us your security and procurement requirements

Send over your security questionnaire or procurement requirements and we will map each item to the live capability behind it, with the assurance pack to back it up.

Talk to our team