srvy

Last updated March 22, 2026

Privacy Policy

We built srvy to be simple, fast, and respectful of your privacy. This policy explains what data we collect, why we collect it, and how it is used.

1. Who we are

srvy is a free survey and polling service available at srvy.naif.one. The service is operated as a personal project. If you have any questions about this policy, contact us at privacy@srvy.naif.one.

2. What data we collect

Survey creators (anonymous)

  • A randomly generated session ID stored in a browser cookie
  • Survey content you create (titles, questions, options)
  • A secret management key generated per survey
  • Timestamps (created, updated)

Survey creators (registered accounts)

  • Email address (for account creation and login via OTP)
  • Optional display name
  • All anonymous creator data above

Survey respondents

  • Answers submitted to surveys
  • A randomly generated session ID (not tied to personal identity)
  • Approximate submission timestamp
  • Optional metadata: browser type, general country (for analytics)

3. How we use your data

We use your data solely to provide the srvy service:

  • To store and display your surveys to respondents
  • To aggregate and display results to survey creators
  • To allow survey creators to manage their surveys
  • To send OTP verification codes for account login
  • To track anonymous sessions so you can access your surveys without an account

We do not sell, rent, or share your data with third parties for marketing purposes. We do not serve advertisements.

4. Cookies

We use a single first-party cookie (srvy_session) to maintain your anonymous session. If you create an account, an additional authentication cookie (srvy_auth) is set. No third-party tracking cookies are used.

5. Data retention

  • Survey data is retained indefinitely until deleted by the creator
  • Anonymous creators can delete their surveys using the management key
  • Registered users can delete their surveys from the dashboard
  • Account data is retained until you request deletion
  • OTP codes expire after 10 minutes and are purged regularly

6. Your rights (GDPR & PDPL)

If you are located in the European Union or the Kingdom of Saudi Arabia, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing under certain circumstances

To exercise any of these rights, email privacy@srvy.naif.one.

7. Security

Survey responses are stored in a PostgreSQL database. Passwords are hashed with bcrypt. Management keys are generated with cryptographically random values. We use HTTPS for all connections. While we take reasonable precautions, no internet service can guarantee absolute security.

8. Children

srvy is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us to have it removed.

9. Changes to this policy

We may update this policy from time to time. When we do, we update the “Last updated” date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this policy? Email privacy@srvy.naif.one.