GDPR Compliance

Told is designed with privacy in mind. This guide covers how to use Told in compliance with GDPR (General Data Protection Regulation).

What does GDPR mean for surveys?

GDPR requires that you:

• Inform users about what data you collect and why
• Obtain consent before collecting personal data
• Allow users to access and delete their data on request
• Minimize data collection — only collect what you need

Consent and data collection

Anonymous surveys

By default, Told creates anonymous users with a temporary identifier. No personal data is collected unless you explicitly send it via the identify function.

Anonymous survey responses are GDPR-compliant without additional consent for most use cases, as they don't contain personally identifiable information.

Identified users

If you use the identify function to attach personal data (name, email, etc.) to users, you must:

1. Have a legal basis for processing (consent, legitimate interest, etc.)
2. Inform users in your privacy policy that you use Told for feedback collection
3. Provide a way for users to request data access or deletion

Contact Info questions

If your survey includes a Contact Info question that collects personal data (email, phone), ensure you:

1. Explain why you're collecting this data in the question description
2. Link to your privacy policy
3. Only mark the question as mandatory if strictly necessary

Cookie consent

On web, the Told SDK uses cookies to identify returning users. If you use a cookie consent manager:

• Add Told to your cookie consent configuration
• Delay SDK initialization until consent is given (if required by your jurisdiction)

Data storage

• Told servers are located in Europe
• Data is encrypted in transit (HTTPS/WSS)
• See our Data Privacy page for data subject rights

Related pages

• Data Privacy & Right to Erasure
• Terms & Conditions
• User Identification