SSL/TLS Encryption: Users can determine whether to collect survey responses over secured, encrypted SSL/TLS connections. All communications with the Qualia servers are encrypted using SSL/TLS. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.
User Authentication: User data in our database is logically segregated by multiple account-based access rules. Users can only access surveys that are associated with their organization. User passwords are hashed using the BCrypt hashing function, stored in our secure database, and must be entered each time the user logs on. After the user is successfully authenticated, Qualia issues an encrypted session cookie that is used only to identify the user in the system for the duration of a specific session. The session cookie stores encrypted user information, is protected by 256-bit AES encryption, and cannot be deciphered or modified.
User Passwords: Each User Account needs a unique email address and an associated password. Passwords are randomly salted and hashed using the industry-standard BCrypt hashing function, which is based on the Blowfish cipher. Therefore, each hashed password is unique and cannot be deciphered or brute-forced. We require users to choose strong passwords that are at least 8 characters in length, and we do not allow users to set passwords that are found in lists of commonly used passwords.
2-Factor Authentication (2FA): 2-Factor authentication is available in the Qualia Dashboard. All our employees are required to have 2FA enabled to access any systems, to ensure data safety. Institutions can request to enforce two-factor authentication for all of their staff accounts.
API Access: To access the stored data programmatically, specific institutions can use Qualia’s API, which uses JWT authentication tokens to provide secure access, with short-lived access tokens that can be refreshed programmatically.
Data Encryption: We encrypt all requests in transit, at rest, and in all our backups. Qualia systems can only be accessed through the HTTPS protocol to ensure data integrity, confidentiality, and availability.
Data Portability: Qualia enables you to export your data from our system in a variety of formats, such as XLS, CSV, PDF, HTML, and SPSS, so that you can back it up or use it with other applications.
Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.