Privacy Policy


EngageRocket is trusted by people and organisations with confidential survey responses, and it’s our responsibility to protect this data and keep it private. We value building trusting relationships with our clients and we have developed this privacy policy in order for you to understand how we collect, use, communicate, disclose and otherwise make use of personal information.

This privacy policy was recently revised in compliance to the GDPR reforms in the EU as of 25th May 2018. This revision includes minor changes within the clause regarding users rights to their information as well as further clarification on the location at which your information is hosted on.

The policy is structured so you can quickly find answers to the questions which interest you the most.

This privacy policy applies to all the products, services and websites offered by EngageRocket Pte. Ltd. We refer to those products, services and websites collectively as the “Services” in this policy.


Outline of Privacy Policy

  • What information and how do we collect about customers
  • How do we use this information
  • Who do we share this information with
  • What policy do we have on retaining data
  • What to do if you have questions

For further questions regarding our security measures or practices, send us an email at for us to share a copy of our latest security whitepaper.


Collecting customer information

Customer information is collected through various mediums to improve the accuracy of our product. This personal information is collected by lawful and fair means and, where appropriate, with the knowledge or consent of the individual concerned. We will collect and use personal information solely for fulfilling those purposes specified by us and for other ancillary purposes, unless we obtain the consent of the individual concerned or as required by law.

We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained. EngageRocket may change this privacy policy from time to time at EngageRocket's sole discretion.


Direct information we collect

  • Contact details: When you contact us or subscribe to our content, such as our blog, we collect your contact details, including your name and email address.

  • Registration details: When you register an account we collect your name, company name, email address, password and other information.

  • Billing details: If you use a credit card for billing, we may collect information such as the cardholder's name, billing address, email address, credit card number, expiry date and credit card security code.

  • Account settings: You can set or update various preferences and personal details on your account settings page or your profile. For example, your name, email address, default language or timezone.

  • Survey data: We collect and store the survey responses that you submit If you have any questions about a survey you are taking, please contact your organization’s manager who signed up for the service.

  • Employee data: We may collect employee data that you submit based on the attributes you have created. For example, performance grade, date of birth etc.

  • Other data you intentionally share. We may collect your personal information or data if you submit it to us in other contexts. For example, if you provide us with a testimonial, participate in a TINYhr contest, or send us an email with comments or suggestions.


Are your responses anonymous?

By default, yes. EngageRocket does not reveal which responses were associated with which email or IP address. If you think a survey violates our Terms of Use or may be engaging in illegal activity, please email


Information we collect from other sources

We collect usage data about you whenever you interact with our Services. This may include which web pages you visit, what you click on, when you performed those actions, and other activities. Our web servers also keep log files that record data each time a device accesses our servers. The log files contain data about the nature of each access, including the originating IP address. We may combine this automatically collected log information with other information we collect about you. We do this to improve our Services, to improve our marketing activities, for system analytics, or to monitor or improve functionality. We also use referral data, which is collected when you navigate to our website from an external source (such as a link on another website or via an email), we record information about the source that referred you to us.


Tracking technologies

We also collect information from our customers with use of tracking technologies such as cookies, beacons, tags and scripts. Here are a few brief explanations of how they work. 

Cookies are alphanumeric identifiers that travel through your Web Browser to enable websites to recognise the browser and to enable additional features, such as signalling when your account is logged on amongst others. We use cookies to remember users’ settings and preferences, and for session management. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our website, but your ability to use some features or areas of our website may be limited.

Scripts are programs written specifically to automate tasks, and can be found in various forms on the web.

Beacons and tags are embedded objects, found in either emails or web pages, to allow for checking if a user has accessed content.

Using these tracking technologies, we analyze trends, administer the website, track users’ movements around the website, and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis.


Billing information

EngageRocket uses Stripe for processing payment online. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. To accomplish this, we make use of best-in-class security tools and practices to maintain a high level of security at Stripe. You can read more at


What we do with your information

Security of your information


The security of your information is important to us. All of your data is private and confidential and we take all reasonable steps to ensure that your information is handled securely and in accordance with this Privacy Policy. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
However, please note that transmitting information over the Internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee that your information is absolutely secure in all situations. Security is a collaborative effort, so we also recommend that you create a sophisticated password for logging in to our services, and keep that password secret. If you suspect there has been any unauthorised access or misuse of your personal information, please contact us at immediately.


Where is your information located?

We use Amazon Web Services (AWS) cloud services for EngageRocket. You can read more on AWS security here:

If you are situated within the EU, your information on the AWS cloud services is secured and compliant with the GDPR regulations as of 9 May 2019. You can read more on AWS GDPR compliance here:


Do we use information to make automated decisions?

No, EngageRocket does not utilize information from you to make automated decisions, i.e. for targeted marketing.


How do we use the information we collect?

We use your personal information for a variety of purposes. In all such instances, we will not disclose any identifiable information about you, your respondents, or your company. In each case, the information we collect and hold is reasonably necessary for our business, including providing you with the services you would expect from us. We use your personal information to:

  • Create an account with us: We need to collect and use your personal information to allow you to create an account and log in to that account.

  • Provide you with our Services: This includes providing you with access and use of the EngageRocket platform and customer support, which may require us to access your information so that we can assist you with survey design or technical issues.

  • Create de-identified aggregated benchmark data: To provide you with a better understanding of your survey results, we use your survey data in a de-identified aggregated form to compare your results to the results of other surveys. We also use your survey data to continually improve our survey benchmarks. None of your survey data will be disclosed to other unrelated customers in a non-aggregated or identifiable form. We may disclose aggregated, anonymous, or anonymized data to third parties for market research, academic research, benchmarking, or any other purpose. In all such instances, we will not disclose any identifiable information about you, your respondents, or your company.

  • Manage our Services: We use your information internally to measure and analyze user behaviour so we can provide our Services and improve those Services. Some of these purposes include:

    • To monitor, maintain and improve our Services and features.

    • To personalize or customize your experience when you use our Services (including presenting our website in the best format for you or a device you use to access our website).

    • To create new services or features

    • To enforce our Terms when we are made aware of potential breaches.

    • To prevent potentially illegal, undesirable or abusive activities.

    • To investigate complaints about you, or made by you.

    • To prevent potentially illegal, undesirable or abusive activities.

    • Contact you about services or your account: At times we may need to contact you via email, mail or telephone to tell you about matters, such as changes to our Services, terms or policies.

    • Contact you for marketing purposes: We may also send you news and information about our products or Services if you have requested from us. In most cases, we will contact you via email.

    • Respond to legal requests and prevent harm: If we receive a legal request or are informed of a situation that may cause harm, or potential harm, to someone, we may need to inspect your personal information or data to respond appropriately to that request or threat.

Who Has Access to Your Information?

We will share your personal information with third parties only in the ways that are described in this privacy statement. To provide you with our Services we will often need to disclose your personal information to our staff or service providers that we use to operate our business. Examples of our service providers include: hosting services; project management software; email service providers; system monitoring services; customer support services; and website analytics. These companies are only authorized to use your personal information only as necessary to provide these services to us.


Confidentiality and Pseudonyms

In most cases, it will be very difficult for us to provide you with our Services if you do not provide us with your real name and contact details (primarily email). If lawful and practicable, you may use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about our Services or this Privacy Policy, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our products or Services, or respond adequately to you.

In most cases, the personal information that we disclose to our staff or service providers will be directly necessary to provide our services to you. However, there may be occasions where we may need to disclose your personal information to other people or organizations, including to:

  • Enforce or apply our Terms: If you engage in or threaten any unlawful activity, we may reasonably believe that it is necessary to disclose your information to the police, a relevant authority or enforcement body, or your internet service provider, employer, supervisor or network administrator.

  • Keep other entities associated with us informed: In some cases we may need to disclose your information to our agents, business affiliates, joint venture entities, partners, investors or any applicable subsidiaries or holding companies. The need to disclose your information to these entities may arise from a legal obligation we owe that entity, or to assist our or their legitimate business interests.

  • Fulfill requests from you: You may specifically authorize us to disclose your personal information to a third party. For example, to resolve a dispute regarding our Privacy Policy or to integrate a third party service

  • Comply with legal requests: In some situations we may be compelled to disclose your information to third parties such as law enforcement officials or to comply with court orders, such as subpoenas.

  • Merger: If EngageRocket is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.

We also implement reasonable steps to ensure that any personal information we disclose is subject to a privacy policy comparable to our Privacy Policy, or contractual obligations that will provide a comparable level of protection to our Privacy Policy.


What are your rights to information?

We will respond to requests to access and correct (if necessary) your personal information as soon as possible. You have the following options regarding accessing, correcting or limiting the use or disclosure of your personal information:

  • User access request: You can access and get a copy of all your information upon request from us.

  • Update your account details: You can update your registration and other account information on your account settings page or your profile. Information is updated immediately.

  • Limiting use or disclosure: If you want to limit our use or the disclosure of your information to third parties, please contact us at However, please note that by limiting the use of your personal information by us, or its disclosure to third parties, you may also limit our ability to provide you with our Services.

  • Retention: We will retain your information for as long as your account is active or as needed to provide you our Services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

EngageRocket maintains the storage of data backups for up to 6 years from the termination of a contract in light of the Singapore Statute of Limitations.

  • Blog: If you subscribe to our blog, we will use your name and email address to send you the newsletter. You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails.

Information for users of the EngageRocket platform

If you are a user of the EngageRocket platform (for example a company administrator or respondent), we also collect, hold and process information about you on behalf of the Customer. This information includes data uploaded to the EngageRocket platform by the Customer (for example, your name, email address, employment and demographic data) and your survey responses and comments submitted using the EngageRocket platform.

To help us provide our Services to you and the Customer, we may transfer some of your personal information to our service providers (for example, support services or email service providers). Any transfers to our service providers are covered by our agreement with the Customer. Because we collect, hold and process your information on behalf of the Customer, you will need to contact the Customer if you want to

  • Access, correct, amend or delete any information we hold about you; or

  • Stop receiving emails sent to you by the Customer using the EngageRocket platform.


Additional Information

Social media widgets

Our websites may include social media features or widgets, such as the Facebook Like or Share buttons. Use of these features may collect your IP address, detect which page you are visiting on our website, and set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the third party providing these features.


Links to other websites

Our website includes links to other websites. The privacy practices of those other websites may differ from EngageRocket’s privacy practices. If you submit personal information to any of those websites, your information is governed by their privacy policy. We encourage you to carefully read the privacy policy of any website you visit.



We display Customer or User testimonials and other endorsements on our website. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial or any other endorsement, please contact us at


Blog and Forums

Our website offers publicly accessible blogs. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To remove your personal information from our blog or community forum, please contact us at In some cases, we may not be able to remove your personal information, in such cases we notify you and explain why we are unable to fulfil your request.


Data Retention

EngageRocket collects de-identified aggregated benchmark data from its clients for the calculation of benchmark indexes. A benchmark index allows EngageRocket to highlight industry engagement standards, so Users can compare their own companies with others across similar industries or similar company sizes. By using our Services, by default you agree to provide your de-identified User data for our usage, even after termination of contract.Data is retained for as long as necessary or up to 6 years (in cases of account inactivity) in respect of the purposes for which it is collected and according to the applicable laws. Data will be subsequently anonymised and all personal data will be removed. Customers can request to delete your data at any time. For any enquiries on opting out, please contact


Changes to the Privacy Policy

We may modify this privacy policy at any time, but if we do so, we will notify you by publishing the changes on this website. If we determine the changes are material, we will provide you with additional, prominent notice as is appropriate under the circumstances, such as via email.


Users of EngageRocket must opt-in consent to our updated privacy policy before they can continue to use our services.



Figure 1: Opt-in option for EngageRocket’s Privacy Policy