Qualtrics Platform
Customer Journey Optimizer
XM Discover
Qualtrics Social Connect

Minimizing Personal Data Collection & Use in Qualtrics®

About Minimizing Personal Data Collection and Use While Using Qualtrics®

Across the XM Platform®, there are many ways to help protect your respondents’ personal data, whether you’re collecting data or reporting on it. On this page, we’ve compiled all of the different methods in one place.

Qtip: Qualtrics gives you the tools to anonymize data, but it’s ultimately your responsibility to make sure you use those tools to meet any data compliance needs you may have.

Attention: Some methods may result in personal data being removed permanently, while other methods merely hide personal data from select users. Read each support page carefully before using a feature.

Collecting Survey Responses Using an Anonymous Link

The anonymous link is the URL used to take your survey. It does not collect identifying information, such as name or email address, unless you specifically ask for it in the survey. The only exception is that IP addresses are recorded by default.

To learn more, see Anonymous Link.

Warning: While anonymous links work similarly across Qualtrics projects, they may vary in exact functionality and in where you can find them. If you’re not using a survey project, see this list of project types and support resources.

Removing Information with Anonymize Responses

There’s a survey option you can enable to remove certain personal data from responses. This can be useful if:

You forgot to change your link to an anonymous one before emailing invites.
You want to remove IP addresses from responses collected from anonymous links.

To learn more, see Anonymize Responses.

Attention: This option is only available to survey projects, XM Solutions, Conjoint, and MaxDiff.

Protecting Report Data

When you create a report, you can hide the results until enough responses have been collected. This helps prevent people who may know who has responded so far from figuring out what someone said in the survey, thus helping to protect their anonymity.

Qtip: This option hides data from people viewing the reports. This option does not erase identifying information or hide it from the administrators building reports.

Advanced-Reports Display Logic: If you’re using advanced-reports, this feature is called display logic.
Qtip: For a list of project types where you can use advanced-reports, see Where You Can Find Advanced-Reports.
Rater Category Display Logic: If you’re building subject reports for 360, we recommend using rater category display logic. This feature takes into account 360’s respondent relationships when setting anonymity thresholds.
Response Count Thresholds: If you’re building CX Dashboards, you can apply response count thresholds to both pages and widgets.

Employee Experience projects also have this functionality, called anonymity thresholds. However, due to the unique challenges posed by employee data, they have additional functionality created especially for them. See the Minimizing Personal Data in Employee Experience section for more.

Minimizing Personal Data Access for the Entire Organization

Brand Administrators can set standards for the entire organization. That way, it’s easier to ensure all users comply.

Here are a few different options, with links to more details. Note that not all features are included with all licenses.

Default Anonymization Policy: Decide what personal data should be anonymized, and how long after it’s been collected that it should be anonymized.
Qtip: This setting is not compatible with Employee Experience projects. However, they have a similar feature. See the Minimizing Personal Data in Employee Experience section for more details.
Sensitive Data Policy: Define the types of data you consider sensitive and which surveys should be impacted by the policy. Sensitive data policies help protect respondent identities in 3 ways:
- By warning users when they make surveys that ask for sensitive information.
- By warning respondents when they’re about to provide sensitive information.
- By censoring the sensitive data if respondents provide it anyway.
Specific Platform Permissions: There are a few permissions that you can apply to users, groups, or divisions in order to hide certain data. This means you can prevent even survey-builders from seeing certain personal data that has been collected. Under Survey Permissions and General Permissions, read about what happens when you disable the following:
- View Response ID
- View Restricted Data

Data Masking in Digital Experience Analytics

Digital Experience Analytics allows brands to quantify the digital experiences of their customers through session replay capture and frustration detection to help identify and close experience gaps.

While using session replay, personal data may be captured from your website users in several ways. However, with the help of data masking, you can limit the collection of this personal data.

See Masking for more details.

Minimizing Personal Data in Employee Experience

Employee Experience refers to a set of several different project types specialized for collecting employee feedback data. When you report on your results using a dashboard, it’s important to protect employees’ anonymity. Here, we’ll cover what EX Administrators can do on the project level to minimize personal data, as well as everything a Brand Administrator can do.

Collecting Responses Using an Anonymous Link

An anonymous link is a URL every participant can use to take the survey. For Engagement projects, it’s not just possible to protect your employees personal data, but to collect employee hierarchy data, too, so you can still view trends by organization.

For Engagement, Ad Hoc Employee Research, and Lifecycle Projects, see Anonymous Links.

For Pulse, see Shareable Links.

Protecting Personal Data in Dashboard Results

There may be cases where you’ve collected identifying information, but want to protect that data in dashboard reports.

There are 2 levels of anonymity in employee dashboards: basic and enhanced. Basic anonymity is enabled by default in each dashboard, while enhanced anonymity can be turned on for additional layers of protection. For more information, see Basic vs. Advanced Anonymity.

For more details on how to implement these features, see Anonymity (EX).

Minimizing Personal Data Access for the Organization

If you are a Brand Administrator, you can adjust settings that affect all of the EX Administrators building Employee Experience dashboards in your organization.

Set dashboard anonymity thresholds for everyone: The anonymity threshold determines how many responses must be included for a given data point or comment before it can appear in a dashboard. You can set a minimum threshold for the entire organization with the Anonymous Responses admin tool.
Remove identifying information from responses: Remove personal and identifying information in all employee responses across your organization with Pseudonymization.