Data Security Statement

Ready to Order Your Florida Marriage License By Mail?

Security Statement


This Security Statement applies to the products, services, websites and apps offered by or Inc., or, or . and their affiliates (collectively “ or”), which are branded as “ or” and “ or”, except where otherwise noted. We refer to those products, services, websites and apps collectively as the “services” in this Statement. This Security Statement also forms part of the user agreements for or and or customers. or values the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our Privacy Policy also further details the ways we handle your data.

Physical Security or’s information systems and technical infrastructure are hosted within world-class, SOC 2 accredited data centers. Physical security controls at our data centers include 24×7 monitoring, cameras, visitor logs, entry requirements, and dedicated cages for or hardware.

Compliance or, or, and or Apply are compliant with the Payment Card Industry’s Data Security Standards (PCI DSS 3.2) and can therefore accept or process credit card information securely in accordance with these standards. or re-certifies this compliance annually. or is also working towards ISO 27001 certification.

Access Control

Access to or’s technology resources is only permitted through secure connectivity (e.g., VPN, SSH) and requires multi-factor authentication. Our production password policy requires complexity, expiration, and lockout and disallows reuse. or grants access on a need to know on the basis of least privilege rules, reviews permissions quarterly, and revokes access immediately after employee termination.

Security Policies or maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies on an annual basis and undergo additional training such as HIPAA training, Secure Coding, PCI, and job specific security and skills development and/or privacy law training for key job functions. The training schedule is designed to adhere to all specifications and regulations applicable to or

Personnel or conducts background screening at the time of hire (to the extent permitted or facilitated by applicable laws and countries). In addition, or communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.

Dedicated Security Personnel or also has a dedicated Trust & Security organization, which focuses on application, network, and system security. This team is also responsible for security compliance, education, and incident response.

Vulnerability Management and Penetration Tests or maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on servers, workstations, network equipment, and applications. All networks, including test and production environments, are regularly scanned using trusted third party vendors. Critical patches are applied to servers on a priority basis and as appropriate for all other patches.

We also conduct regular internal and external penetration tests and re-mediate according to severity for any results found.


We encrypt your data in transit using secure TLS cryptographic protocols. or and or data is also encrypted at rest.


Our development team employs secure coding techniques and best practices, focused around the OWASP Top Ten. Developers are formally trained in secure web application development practices upon hire and annually.

Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.

Asset Management or maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption and up-to-date antivirus software. Only company-issued devices are permitted to access corporate and production networks.

Information Security Incident Management or maintains security incident response policies and procedures covering the initial response, investigation, customer notification (no less than as required by applicable law), public communication, and remediation. These policies are reviewed regularly and tested bi-annually.

Breach Notification

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if or learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under applicable country level, state and federal laws and regulations, as well as any industry rules or standards applicable to us. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.

Information Security Aspects of Business Continuity Management or’s databases are backed up on a rotating basis of full and incremental backups and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity and are tested regularly to ensure availability.

Your Responsibilities

Keeping your data secure also requires that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems. oring

Application and infrastructure systems log information to a centrally managed log repository for troubleshooting, security reviews, and analysis by authorized or personnel. Logs are preserved in accordance with regulatory requirements. We will provide customers with reasonable assistance and access to logs in the event of a security incident impacting their account.

Privacy Policy

LAST UPDATED: November 16, 2018

Highlighted text represents any recent changes to our privacy policy.

  1. Introduction

This Privacy Policy applies to all the products, services, websites and apps offered by or Inc., or, or except where otherwise noted. We refer to those products, services, websites and apps collectively as the “services” in this policy. Unless otherwise noted, our services are provided by or Inc. inside of the United States, by or and by or

References to “data” in this Privacy Policy will refer to whatever data you use our services to collect, whether it is survey responses, data collected in a form, or data inserted on a site hosted by us – it’s all your data! Reference to personal information or just information, means information about you personally that we collect or for which we act as custodian.

We refer to “you” a lot in this Privacy Policy. To better understand what information is most relevant to you, see the following useful definitions.


You hold an account within a or service and you either directly create surveys, forms, applications, or questionnaires or you are collaborating on, commenting on, or reviewing surveys, forms, applications, or questionnaires within an account.


You have received a survey, form, application, or questionnaire powered by a or service.


You have signed up and agreed to take surveys sent to you by or on behalf of creators. We deal with panelists in an entirely separate section of our Privacy Policy.

Website Visitor

You are just visiting one of our websites because you are Curious!

2.2 Information we collect about you.

  • Contact Information (for example an email address).
    You might provide us with your contact information, whether through use of our services, a form on our website, an interaction with our sales or customer support team, or a response to one of or’s own surveys.
  • Usage information.
    We collect usage information about you whenever you interact with our websites and services. This includes which webpages you visit, what you click on, when you perform those actions, what language preference you have, and so on.
  • Device and browser data.
    We collect information from the device and application you use to access our services. Device data mainly means your IP address, operating system version, device type, system and performance information, and browser type. If you are on a mobile device we also collect the UUID for that device.
  • Information from page tags.
    We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect data about visitors to our websites. This data includes usage and user statistics. Emails sent by or or by users through our services include page tags that allow the sender to collect information about who opened those emails and clicked on links in them. We provide more information on cookies below and in our Cookies Policy.
  • Log Data.
    Like most websites today, our web servers keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including originating IP addresses, internet service providers, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system versions, device type and timestamps.
  • Referral information.
    If you arrive at a or website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
  • Information from third parties and integration partners.
    We collect your personal information or data from third parties if you give permission to those third parties to share your information with us or where you have made that information publically available online.

If you are a Creator we will also collect:

Account Information

  • Registration information.
    You need a or account before you can use or services. When you register for an account, we collect your first and last name, username, password and email address. If you choose to register by using a third party account (such as your Google or Facebook account), please see “Information from third parties” below.
  • Billing information.
    If you make a payment to or, we require you to provide your billing details, a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder to determine which or entity with whom you contract.
  • Account settings.
    You can set various preferences and personal details on pages like your account settings page. For example, your default language, time zone and communication preferences (e.g. opting in or out of receiving marketing communications from or

Use of some of our services will also result in us collecting the following data on your behalf:

  • Address book information.
    We allow you to import email addresses into an Address Book so you can easily invite people to take your surveys or fill in your form via email. We don’t use these email addresses for our own purposes or email them except at your direction.
  • Profile data.
    When you sign up for our services you are asked to provide us with information about yourself and to give us more detailed insights into who you are.
  1. Information you share

Many of our services let you share information with others. Remember that when you share information publicly, it can be index able by search engines. Our services provide you with different options on sharing and deleting your content but we cannot delete content from search engines so you need to be careful about information you make public.

  1. Information we share: Partners and Integrations

We do not share your information or data with third parties outside or except in the following limited circumstances:

  • If you are a Creator that is part of an Enterprise team using or your account information and data will be shared with the primary administrator(s) and your survey data may also be visible to other members in your team with whom you share your surveys or with whom you collaborate.
  • To help us provide certain aspects of our services we use our affiliates and trusted key partners – in particular, we engage third parties to:
    • facilitate our email collectors for sending surveys by email to Respondents.
    • facilitate customers in making credit card payments.
    • deliver and help us track our marketing and advertising content.
    • help us track website conversion success metrics.
    • manage our sales and customer support services to you.

We enter into confidentiality and data processing terms with partners to ensure they comply with high levels of confidentiality and best practice in privacy and security standards and we regularly review these standards and practices.

  • On your instructions, we share your information or data if you choose to use an integration in conjunction with or services, to the extent necessary to facilitate that use. See further information here on our API partners.
  • We also have to share information or data in order to:
    • meet any applicable law, regulation, legal process or enforceable governmental request.
    • enforce applicable policies, including investigation of potential violations.
    • detect, prevent, or otherwise address fraud, security or technical issues.
    • protect against harm to the rights, property or safety of our users, the public or to or and/or as required or permitted by law.
  1. Cookies

We and our partners use cookies and similar technologies on our websites. For more information see our Cookies Policy.

We use certain cookies, as described in our Cookies Policy and here in our Privacy Policy, that you agree to when you use our sites and, in the case of some cookies, for legitimate interests of delivering and optimizing our services (where the cookie delivers essential functionality). Cookies are small bits of data we store on the device you use to access our services so we can recognize repeat users. Each cookie expires after a certain period of time, depending on what we use it for. We use cookies and similar technologies for several reasons:

  • To gather metrics about your survey taking experience.
    For example, we will collect data about the number of clicks it took Respondents to complete a survey, whether they left and returned to a survey, whether they skipped parts of a survey and how long it took to complete the survey and other details about the survey taking. However, this information is collated and kept at an aggregated and anonymized level only.
  • To make our site easier to use.
    Creators if you use the “Remember me” feature when you sign into your account, we store your username in a cookie to make it quicker for you to sign in whenever you return to or
  • For security reasons.
    We use cookies to authenticate your identity and confirm whether you are currently logged into or or determine if an incident impacts you.
  • To provide you with personalized content.
    We store user preferences, your default language, device and browser information, your profile information which includes the level of usage of service and the web-pages on our site which you visit, so we can personalize the content you see.
  • To improve our services.
    We use cookies to measure your usage of our websites and track referral data, as well as to occasionally display different versions of content to you. This information helps us to develop and improve our services (it helps us focus on the parts of the service you seem most interested in) and optimize the content we display to you (which may include marketing content).
  • To advertise to you.
    We, or our service providers and other third parties we work with, place cookies when you visit our website and other websites or when you open emails that we send you, in order to provide you with more tailored marketing content (about our services or other services), and to evaluate whether this content is useful or effective. For instance, we evaluate which ads are clicked on most often, and whether those clicks lead users to make better use of our tools, features and services. If you don’t want to receive ads that are tailored to you based on your online activity, you may “opt out.” Opting out in this way does not mean you will not receive any ads; it just means that you will not receive ads from such companies that have been tailored to you based on your activities and inferred preferences.
  • Google Analytics.
    In addition to the above, we have implemented on our websites and other services certain Google Analytics features that support Display Advertising, including re-targeting. Visitors to our websites may opt out of certain types of Google Analytics tracking, customize the Google Display Network ads by using the Google Ad Preferences Manager and learn more about how Google serves ads by viewing its Customer Ads Help Center. If you do not wish to participate in Google Analytics, you may also download the Google Analytics opt-out browser add-on.

You can choose to remove or disable cookies via your browser settings.

  1. Security

We have a security statement related to our self-serve businesses ( or

  1. Data Retention

If you hold an account with or we do not delete the data in your account – you are responsible for and control the time periods for which you retain this data. There are controls in your account where you can delete data at the account level (all data in your account) and at the response level. If you are a Respondent, you will need to ask the Creator how long your responses will be stored in or services.

We also describe the expiry periods for cookies on our websites in our cookies policy.

  1. Safety of Minors

Our services are not intended for and may not be used by minors. “Minors” are individuals under the age of 13 (or under a higher age if permitted by the laws of their residence). or does not knowingly collect personal data from Minors or allow them to register. If it comes to our attention that we have collected personal data from a Minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact customer support. or is committed to subjecting all personal information and data received from European Union (EU) member countries and Switzerland, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield.

When or receives personal information under the Privacy Shield and then transfers it to a third-party service provider acting as agent on or’s behalf, or has certain liability under the Privacy Shield if both (i) the agent processes the information in a manner inconsistent with the Privacy Shield and (ii) or is responsible for the event giving rise to the damage. With respect to personal data received or transferred pursuant to the Privacy Shield Framework, or is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. In certain situations, or may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Please contact or as described in Section 14 below if you have any concerns or complaints of any nature.

  1. Changes to our privacy policy

We can make changes to this Privacy Policy from time to time. We will identify the changes we have made on this page. In circumstances where a change will materially change the way in which we collect or use your personal information or data, we will send a notice of this change to all of our account holders.

  1. Personalized marketing

You can opt-out from direct marketing in your account and we provide opt-out options in all direct marketing emails. Finally, if you do not wish to see personalized marketing content on the web related to our service you can clear the cookies in your browser settings. See our Help Center article on how to do this here.

  1. Who is my data controller?

As mentioned above – all response data at an individual level is controlled by the Creator. or can be a data controller of data about Respondents only in the very limited ways described in the section here called “How we use the information we collect – Respondent”. To the extent that is the case we have identified the correct controller below.

For Creators, Respondents, Website Visitors and Panel who are addressed in this privacy policy and who are located outside the United States, your data controller is or Europe UC to the extent that it is processing your personal data.

  1. Your rights

Some of you (in particular, European users and those whose information we receive under the EU-U.S. Privacy Shield) have certain legal rights to obtain information about whether we hold personal information about them, to access personal information we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances. Some of these rights may be subject to some exceptions or limitations. We will respond to your request to exercise these rights within a reasonable time (and in all cases within 30 days of receiving a request).

Rights which you are entitled to are:

  • Data access rights
  • Right to restrict processing
  • Right of Rectification
  • Right to Erasure (Right to be Forgotten)
  • Right to object to processing
  • Right to withdraw consent; and
  • Data portability rights or Europe UC Sub-Processors

If you are a customer located in the European Union, we provide a list of sub-processors who assist or Europe in the provision of the services.

  1. Exercising your rights

Our Contact Information for Privacy Inquiries

White Cedar Trail

Jacksonville, FL 32226

(904) 410-2210

[email protected]



If you are resident in the United States and you are dissatisfied with how we have managed a complaint you have submitted to us, you are entitled to contact your local data protection supervisory authority; as operates its business in the United States.