Customer Data Guide

SmartSurvey & UK Data Storage: What You Need to Know about personal data we process on your behalf

At SmartSurvey, we believe in keeping things safe, secure, and transparent. That’s why we offer UK data storage as standard on all our plans, giving you peace of mind that your personal data is hosted in secure, UK-based data centres and protected by UK law.

You're in the right place if your organisation values privacy, compliance, and performance, especially within the UK jurisdiction.

Why UK Data Storage Matters

  • Choosing a platform with UK data storage has real benefits:
  • Your personal data stays under UK law - easier compliance with GDPR and other regulations.
  • Stronger data security – reduced risk of exposure to international threats.
  • Faster performance – local servers mean faster load times and a smoother user experience.
  • More trust from respondents, especially in the public sector and regulated industries.
  • Local, knowledgeable support – our UK-based team understands your needs and works in the same time zone, which means quick responses.

Why Customers Choose SmartSurvey Over US-Based Platforms

When it comes to data security, legal compliance, and peace of mind, SmartSurvey offers a level of assurance that many international platforms simply can’t match.

Here’s why UK organisations - including the NHS, Central and Local Government, and financial services trust us:

  • 100% UK-Based Operations
  • No US Ownership. We’re a fully UK-owned and operated business. That means your personal data is not subject to US surveillance laws like the CLOUD Act or FISA, which can compel US-based companies to share your personal data - even if it’s hosted in the UK or EU.
  • UK Data Residency by Default. All customer personal data is stored and processed in secure UK data centres, under UK jurisdiction and data protection law.

UK-Based Support & Development Teams

  • No International Transfers During Support
    Our entire customer support team is UK-based. If we need to access your account to help resolve an issue, we do so from within the UK so your personal data won’t leave never leaves the country.
  • In-House Development Team
    Our developers are also based in the UK, ensuring all platform maintenance and feature development happens within the UK jurisdiction.
  • Staff Vetting
    All SmartSurvey employees, including support and engineering staff, are security vetted to the BS7858 standard, the UK benchmark for personnel screening in sensitive industries.

Independent Security Certifications

  • Cyber Essentials Plus
    Certified under the UK government’s Cyber Essentials Plus scheme, proving strong defences against common cyber threats - independently audited every year.
  • ISO/IEC 27001
    Certified to the international standard for information security management, showing robust systems for protecting personal and sensitive data.
  • NHS Data Security & Protection Toolkit (DSPT)
    Approved for use by NHS organisations, confirming that SmartSurvey meets healthcare-grade security and privacy standards.
  • FSQS Accredited
    Fully accredited by the Financial Services Qualification System, which means we meet the due diligence and compliance requirements of UK banks and insurance companies.

Strong Independent Ratings

  • SecurityScorecard: A Rating (98/100)
    We’ve been independently assessed by SecurityScorecard, one of the industry’s leading cybersecurity rating platforms.
    Our A rating (98/100) indicates excellent security hygiene across network security, application security, DNS health, and more - giving you confidence that your personal data is protected at every level.

Global Privacy Compliance

SmartSurvey meets the requirements of major international privacy regulations:

  • GDPR – UK & EU data protection
  • HIPAA – US healthcare data protection
  • CCPA – California consumer privacy

These compliance frameworks are built into our platform and operations, giving you flexibility to serve users across sectors and regions while maintaining your legal obligations.

Summary: Trust, Transparency, and UK Assurance

Choosing SmartSurvey means choosing:

  • Local compliance
  • Reduced data risk
  • Faster and more relevant support
  • No hidden data transfers
  • A team that understands UK regulations inside and out

If UK data residency and security compliance are priorities for your organisation, we’re the safe, supported choice.

Understanding how personal data is stored and processed across the SmartSurvey platform

Now that you’ve seen how our UK-first approach, security accreditations, and legal protections set us apart, it’s also important to understand how this plays out across the platform.

While your core survey data always remains securely stored in the UK, some optional tools and advanced configurations - such as AI, integrations, APIs, and webhooks may involve different ways personal data is processed, depending on how they’re set up.

To clarify this, we’ve created a simple overview of how each feature handles your personal data: what stays in the UK, what might involve external processing, and who controls those choices. This will help you make informed decisions based on your organisation’s compliance needs.

SmartSurvey Personal Data Residency summary table

Feature UK-Only Data Storage Any Risk of Data Leaving UK? Who Controls the Data Flow? What You Need to Know
Core Survey Platform ✓ Yes ✗ No SmartSurvey All survey data is stored and processed in UK-based data centres.
AI Tools ✓ (by default) ⚠️ Low risk Customer (can enable/disable) Hosted in UK via Microsoft. Rare cases may involve transfer (e.g. legal requests).
Email (Vultr) ✓ Yes ✗ No SmartSurvey All email personal data processed in UK. No external transfers.
SMS (FireText) ✓ Yes (UK only) ⚠️ Yes (for international SMS) Customer (chooses recipient location) UK processing unless the message is sent outside UK.
Integrations (integration.app) ⚠️ Varies ⚠️ Yes (if push/pull used) Customer (chooses integration method) Trigger-only = UK. Push/pull may involve external processing.
Custom APIs ⚠️ Varies ⚠️ Yes (if push/pull used) Customer (fully controls setup) Trigger-only = UK-based. Personal Data transfers depend on the configuration.
Webhooks ⚠️ Varies ⚠️ Yes (if data is sent externally) Customer (defines what data is sent) Sending personal data depends on the endpoint hosting location.
Support Team Access ✓ Yes ✗ No SmartSurvey All staff are UK-based and security screened (BS7858).

AI Features: Optional, Secure, and UK-First

Our AI tools, like Auto-Categorisation and Advanced Sentiment Analysis, help you get deeper insights while keeping your personal data safe.

  • AI tools process personal data in UK-based Microsoft data centres.
  • Personal data usually never leaves the UK.
  • In rare cases, Microsoft might reroute personal data (e.g., due to a legal request or major failure).
  • AI tools are optional and can be turned off at any time.

Integrations with Third-Party Tools (via integration.app)

SmartSurvey uses integration.app to help you connect your surveys with tools like Salesforce, Teams, and more.

  • Trigger only – Personal data stays in the UK.
  • Push/Pull integrations – personal data may be processed outside the UK depending on where connected tools are hosted.

APIs: Ideal for Two-Way Personal Data Requests and Complex Automation

💡 Tip: If maintaining UK-only personal data storage is essential, design your API setup to avoid sending or receiving personal data or ensure any connected systems are UK-hosted or compliant with UK data laws.

SmartSurvey’s API allows you to build powerful, automated workflows that connect survey activity with other tools and systems. How personal data is handled depends entirely on how you use the API.

Here are the two common API use cases:

1. Trigger-Only API Calls

These simply trigger an action within SmartSurvey or another system (e.g. send a survey when an event occurs).
No customer data is transferred; everything stays within SmartSurvey’s UK infrastructure.

2. Push/Pull Data Operations

These involve sending (pushing) or retrieving (pulling) personal or response data between SmartSurvey and another system.
If the external system is hosted outside the UK, this may involve personal data leaving UK jurisdiction.

Webhooks: Great for Sending Personal Data from SmartSurvey to Another Platform

💡 Tip: To maintain UK-only personal data storage, configure your webhooks to send only minimal, non-personal data or ensure the receiving system is hosted in the UK or meets UK data protection standards.

Webhooks let SmartSurvey notify your systems in real time when certain events happen, like when someone completes a survey. How much personal data is transferred depends entirely on how the webhook is configured.

Here are the two most common ways webhooks are used:

1. Notification-Only Webhooks

These send a simple event update (e.g. “survey completed”) without including any survey responses or personal information.
When set up this way, no personal data leaves SmartSurvey’s UK-based infrastructure.

2. Data-Sending Webhooks

These send survey responses or personal data to another system for further processing. In this case, the personal data is transferred and may be stored or processed outside the UK, depending on where the receiving system is hosted.

Email & SMS Services: UK-Based and Secure

We use UK providers for all built-in email and SMS features:

  • Email (Vultr): Hosted entirely in the UK.
  • SMS (FireText): Also UK-based.

💡 Tip: Sending SMS messages internationally means personal data will be processed by telecom carriers in the destination country. To minimise the risk of personal data being handled outside the UK, consider filtering recipients to UK-only numbers using the +44 country code.

Need UK-Only Compliance? We’ll Help You Get There

If your organisation requires strict UK-only personal data residency, we can help. From disabling AI features to offering guidance on the best way to configure your APIs and integrations, we’ll support you every step of the way.

Talk to our UK-based team – we’re here to help you collect feedback securely and compliantly.

Our core values

Amazing

We work hard each day to show our customers they can trust us to store their data securely, trust us to be available to provide technical support and trust us to always provide the best solutions.

Supportive

Whatever the issue – big or small – our customers can always reach out to us for personalised support. We’re a close-knit team, so our supportive approach is second nature.

Professional

We understand your surveys represent you and your company – so they need to be of the highest standard. We handle your projects as if they were our own.

Intuitive

‘User-friendly’ is our mantra and every aspect of SmartSurvey is designed with our customers in mind. Collecting information from your audience should never be complicated.

Flexible

We’re not set in our ways and innovation gets us excited. We love suggestions from our customers and we’ll always be able to build a package to suit your needs.

Friendly

We are professional, but not serious. You’ll always find a friendly voice at the end of the phone to help you.

Quality

Everything we do has to be done well. ‘That’ll do’ will never cut it with us.