Privacy and Security

Premise values your privacy and security. We align with the highest industry standards and practices for data protection and security to ensure that you can have confidence in the safety and integrity of the information you share with us. While we give you a snapshot of our security and privacy policies and practices here, we also work with individual organizations to ensure their use of Premise aligns with their own privacy policies as well, and Contributors know that their rights over their personal data are always respected and ultimately in their control.

How does Premise protect its customers and contributors?
Premise puts security and data protection at the heart of its corporate culture. Premise’s Information Security program is aligned with NIST Cybersecurity Framework (CSF) to ensure our program follows best practices, standards, and guidelines to protect our environment and our customers.

Is Premise compliant with privacy regulations?
Yes, Premise is compliant with the General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Does Premise hold any cybersecurity certifications?
Yes, Premise has the Cyber Essentials certification and is actively pursuing SOC 2 Type 1 & Type 2 certification. We have also completed independent assessments for common industry frameworks, including SIG, CAIQ, and CMMC.

What types of data does Premise collect?
Premise provides crowdsourced market research data by enabling Contributors to complete tasks that collect information for Premise’s Customers. That is the extent of primary data collection.
Premise also collects and processes the minimum amount of personal data necessary when a Contributor signs up to use our mobile app and when performing tasks.

How does Premise use the personal data it collects?

  • Premise only collects the minimum amount of personal data from Contributors necessary for paying Contributors and for Premise’s own quality control and validation purposes.
  • Premise may use location and non-identifiable demographic information to select a subset of Contributors suitable to perform customer-sponsored tasks.
  • Protecting Contributors’ personal data is a top priority at Premise, which is why Premise is GDPR compliant and aligned to data privacy best practices.
    • Personal data is not used to select Contributors to answer questions and tasks.
    • Premise ensures anonymity of our Contributors by assigning unique IDs instead of using names, so nothing can be correlated back to an individual.
    • Premise adheres to the rights of the individual under GDPR.

Does Premise share the personal data it collects?
No, Premise never shares Contributors’ personal data with Customers or third-party vendors. Customers cannot instruct Premise to process personal data.

Where is the data stored? Who has access to it?
Premise securely stores all data on servers hosted by a public cloud vendor with the highest security and encryption standards.
Only designated Premise employees have access to the secure cloud environment and the data within it.

More about privacy at Premise.
For more detailed information about Premise’s privacy and security, contact [email protected]