Our Information Security Policy

Purpose

This Information Security Policy aims to define and outline the commitment of BlockSurvey to maintain the confidentiality, integrity, and availability of all data it handles, consistent with industry standards, best practices, and user expectations.

Scope

This policy covers all data on BlockSurvey, its underlying infrastructure, and data transmitted to/from BlockSurvey.

Key Principles

  • User Ownership

    • Users maintain full ownership and control over their data. It is their digital right. Users are provided with unique identities anchored on Stacks Blockchain.

  • Decentralization

    • BlockSurvey utilizes the Bitcoin and Stacks Blockchain for Decentralized Identity/Account (DID) ensuring a true ownership of identity and data for users.

  • Zero Knowledge

    • All user data stored on BlockSurvey is encrypted using the user's public key. BlockSurvey has zero knowledge of this data and cannot access or understand it.

  • End-to-End Encryption

    • All user data is encrypted from the moment it is collected until the rightful owner decrypts it. Encryption happens at the client side/browser, not at the server side.

  • Privacy First
    1. By default, all data is private, stored encrypted in private storage.
    2. All BlockSurvey’s are private by default until published by the creator.
    3. Respondents to BlockSurvey remain anonymous by default.
    4. No trackers, cookies, or fingerprints are used.
  • Temporary Data Storage

    • Respondents' data is temporarily stored in BlockSurvey's secure infrastructure before being transferred to the creator's private storage.

Responsibilities

  • BlockSurvey

    • While BlockSurvey operates under a zero-knowledge principle, the platform is responsible for maintaining the integrity and availability of its infrastructure, ensuring that all systems are secure, patched, and regularly monitored.

  • Users

    • Users, both survey creators and respondents, are responsible for managing their encryption keys and ensuring the confidentiality of their data. Users should also ensure they responsibly use the platform, adhering to all relevant laws and ethical standards.

Incident Response

In the unlikely event of a security incident, BlockSurvey is committed to promptly addressing and rectifying any vulnerabilities. Users will be informed of major incidents and the measures taken to prevent future occurrences.

Review and Amendments

This policy will be reviewed regularly and may be updated to reflect changes in procedures, technology, or legislation. Users will be informed of significant changes to the policy.

Contact

For any questions, concerns, or clarifications related to this Information Security Policy, please reach out to [email protected].