
Compliance alignment (informational)

Updated May 6, 2026

This page describes how product features may map to common compliance frameworks. We do not claim SOC 2 Type II certification, HIPAA compliance, or ISO certification unless explicitly published elsewhere with evidence.

GDPR

  • Article 25 (data protection by design and by default): Minimal respondent metadata, client-side encryption, and anti-inference thresholds reduce unnecessary data exposure.
  • Article 32 (security of processing): Encryption of stored responses and least-privilege controls on operational access to sensitive data (see Threat model).

SOC 2

Organizations often map controls to logical access and encryption. InviziPoll's design may support your control narrative, but attestation requires your auditor and your scope — not this document.

US state privacy (e.g., CCPA)

Data minimization for respondent data and no sale of respondent analytics align with common privacy law themes. Marketing analytics, where used, are limited to marketing pages only.

Healthcare / HIPAA

InviziPoll is not presented as a HIPAA-compliant service by default. If your survey could collect protected health information, you need legal review, contractual terms, and careful survey design.

Whistleblower and speak-up programs

Strong anonymity and anti-inference features can support organizational speak-up policies, but they do not replace legal obligations or jurisdictional requirements.
