Privacy, Security, and Data Retention


At Discuss, safeguarding the privacy, security, and integrity of client and participant data is a top priority. This article outlines our core policies and practices for data handling and retention across our platform, and points to trusted sources for more details.

 

Privacy and Security Overview

We are committed to:

  • Ensuring the confidentiality and integrity of customer data
  • Adhering to industry-leading compliance standards, including GDPR and SOC 2 Type II
  • Applying secure protocols across infrastructure, application design, and access controls

You can always review our current security posture, policies, and documentation at:

 

Data Retention Policy

Discuss retains platform data for a defined period, depending on how it was collected. Here's how data retention works across our core capture methods:

 

Data Type | Retention Period | Description
Human-Led Interviews | 3 years from the end date of the last session | Recordings (with participant data), transcripts, tags, summaries, clips, highlight reels, poll data, documents (including stimuli), discussion guides, takeaways, and AI data.
Self-Paced Feedback | 6 months after the respondent is added to the project | Submissions received and respondent PII
Respondent Information | 6 months after the respondent's scheduled session ends | Name, Email, Phone, Market, All Screener Data, Tech Check Data (IPs, Location, Video, Consent Forms, etc.)

 

  • Note: After the defined retention window, data is automatically and securely deleted from our systems on the 1st of each month. 
  • Notifications: Project owners will receive an automated email 30 days prior to project deletion informing them of the upcoming deletion and instructions to download any data. A reminder is sent 7 days prior to deletion.

To request a customized data retention period or schedule, please reach out to your Customer Success Manager.

 

Terms of Service and Resources

Privacy Statement
Terms of Service
U.S. State Privacy Laws & Policy
Terms of Use For Participant
Privacy & Security FAQ

 

Country-Specific Information

Market Research in China
Market Research in Germany

 

FAQ

In order to answer some of the questions you may have, we created this FAQ.

 

Who owns the data the organizations put into Discuss?

To put it simply, Discuss.io does not own your data. We do not take a position on whether the data belongs to the institution signing up for Discuss.io, or the individual user (that’s between the two of you), but we know it doesn’t belong to us!

The data which you put into our systems is yours, and we believe it should stay that way. We think that means three key things.

  1. We won’t share your data with others except as noted in our Privacy Policy.
  2. We keep your data as long as you require us to keep it.
  3. Finally, you should be able to take your data with you if you choose to use external services in conjunction with Discuss.io or stop using our services altogether.

 

When can Discuss employees access my account? 

Discuss.io may only access data in your account in strict compliance with our Privacy Policy and your Customer Agreement. For purposes of providing technical support, an administrator may choose to grant the Support team permission to access accounts in order to resolve a specified issue.

 

Does Discuss give third parties access to my organization’s data?

Absolutely not.

 

Is my organization compliant with the European Commission Directive of Data Production if we use Discuss?

As described in our Privacy Shield certification, we comply with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland, respectively. Discuss has certified that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view Discuss.io's certification, please visit the Privacy Shield website.

Generally, an organization must decide whether its use of Discuss.io is compliant with any regulations it may be subject to.

 

Where is my organization’s data stored?

Your data is stored in Amazon Web Services' network of data centers. Discuss.io maintains a number of geographically distributed data centers. Discuss.io computing clusters are designed with resiliency and redundancy in mind, eliminating any single point of failure and minimizing the impact of common equipment failures and environmental risks.

 

Is my organization’s data safe from your other customers when it is running on the same servers?

Yes. Data is virtually protected as if it were on its own server. Unauthorized parties cannot access your data. Your competitors cannot access your data, and vice versa. In fact, all user accounts are protected via this virtual lock and key that ensures that one user cannot see another user’s data. This is similar to how customer data is segmented in other shared infrastructures such as online banking applications.

 

An end-user deleted a number of videos, how can I recover them?

Data is irretrievable once an end-user deletes a video asset or user account.

 

How do you protect your infrastructure against hackers and other threats?

Discuss.io, an established provider of web-based services, has gone to great lengths to protect against threats. Each of these systems has been optimized for security and performance. The Discuss.io Security Team is working with external parties to constantly test and enhance security infrastructure to ensure it is impervious to external attackers. And because Discuss.io controls the entire open source stack running our systems, we are able to quickly respond to any threats or weaknesses that may emerge.

Discuss maintains a number of geographically distributed data centers. Discuss.io computing clusters are designed with resiliency and redundancy in mind, eliminating single points of failure and minimizing the impact of common equipment failures and environmental risks. Access to our data centers is restricted to authorized personnel.

 

How do you prevent and resolve security flaws in your applications?

Discuss.io products and services go through a series of security reviews. If a security flaw is found in an application or infrastructure component, we evaluate the risk and respond accordingly. Because we are hosting the applications in our own systems, we can quickly deploy fixes to all our systems without requiring any action on your part.

 

Can my organization use our own authentication system to provide user access to Discuss?

Discuss integrates with standard web single sign-on systems using the SAML 2.0, OAuth, or Google standards. Organizations can work with Discuss to accomplish integration. Contact us for more information.

 

Do you sign NDAs?

Discuss does sign non-disclosure agreements upon request. Discuss can provide a copy of our standard NDA/confidentiality agreement via email. If it meets with your approval, we will follow up with a scan of a signed copy. To use an NDA/confidentiality agreement of your choice, you can reach out to us through this support form with the required documents or any questions.

 
