Our GDPR Data Privacy

EngageRocket values your data security


EngageRocket values your data security and recognises the importance of privacy and confidentiality. We have taken measures to ensure that we are fully compliant to the data protection and security regulations. 


What is GDPR

GDPR stands for General Data Protection Regulation. It is a data protection and security regulation written in EU law to protect all citizens in the European Union (EU) and European Economic Area (EU) from data breaches and misuse or exploitation of information. However, GDPR regulations should be applied worldwise, which means it protects any individual that has shared personal information or data with any organisation including outside the EU. Organisations that do not comply to the strict GDPR conditions will face severe penalties.


We ensure that you have full control over your personal information. Under GDPR laws, you have the right to withdraw and limit access to personal information and data.


We will not use any of your personal information or data without your consent. We also request for your consent in a clear and reliable manner.


Your right to privacy is our priority. We will only use your data and information within and only within the purposes stated in our privacy policy.


As you trust us to use your data to administer your employee surveys, we make it our responsibility to keep your data safe and secure. This makes you GDPR compliant as well.


EngageRocket provides easy access to a variety of our resources and policy information to ensure that you are aware of how and why we use your personal information and data.


With the option of conducting confidential surveys, we ensure high data integrity and protect your employees by ensuring their personal information stays confidential.


How EngageRocket is committed to your privacy and security

Along with our adherence to GDPR guidelines, EngageRocket prioritises information security.


Customer Data

Customer data is stored in separate access-controlled databases per application. Each database requires a unique username and password that is only valid for that specific database and is unique to a single application. Customers with multiple applications and databases are assigned separate databases and accounts per application to mitigate the risk of unauthorized access between applications.


ISO 27001 framework

ISO_27001_Final Logo

Our framework is based on the ISO 27001 Information Security Standard and includes programs covering: Security of our Cloud Architecture, Policies and Processes, Access Control, Physical Security, Encryption, Security Monitoring and Incident Response, Business Continuity Security and People Security.



Website SSL Encryption

The Secure Sockets Layer (SSL) protocol is a web standard for building trusted environments to make transactions online. When our connections are secured via SSL, they can be validated to be transmitted securely and privately. Our website is protected with version 3 of SSL, with SHA-256 with RSA encryption. Our website also guarantees that all credit card transactions, data transfer and logins are private when transmitted over a SSL encryption.


External Security Audit

We commissioned an external data security firm to perform a penetration test on our system.


Data Protection

Here at EngageRocket, we work with world's leading partners and technologies.



Stripe logo - blue

EngageRocket uses Stripe for processing payment online. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. It is the most stringent level of certification in the payments industry.



Privacy Policy & Confidentiality

EngageRocket protects your data and personal information by complying to our our comprehensive privacy policy and confidentiality statements.


Read more

Everything you need to know about Data Security and Privacy