
Security Statement

Overview

At Qualia Analytics we make it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is kept securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.

Qualia Analytics uses best security practices that adhere to industry standards for storing and accessing data. This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected.

Application and User Security

SSL/TLS Encryption: Users can determine whether to collect survey responses over secured, encrypted SSL/TLS connections. All communications with the Qualia Analytics servers are encrypted using SSL/TLS. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) technology (the successor technology to SSL) protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to intended recipients.


User Authentication: User data in our database is logically segregated by multiple account-based access rules. Users can only access surveys that are associated with their organization. User passwords are hashed using BCrypt, stored in our secure database, and must be entered each time the user logs on. After the user is successfully authenticated, Qualia Analytics issues an encrypted session cookie, used only to identify the user in the system for the duration of a specific session. The session cookie stores encrypted user information, is protected by 256-bit AES encryption, and cannot be deciphered or modified.


User Passwords: Each User Account needs a unique email address and an associated password. Passwords are randomly salted and hashed using the industry-standard BCrypt hashing function, which is based on the Blowfish cipher. Therefore, each hashed password is unique and cannot be deciphered or brute-forced. We require users to use strong passwords that are at least 8 characters in length, and we do not allow users to set passwords that are found in lists of commonly used passwords.


2-Factor Authentication (2FA): 2-Factor authentication is available in the Qualia Analytics Dashboard. All our employees are required to have 2FA enabled to access any systems to ensure data safety. Institutions can request to enforce two-factor authentication for all of their staff accounts.


API Access: To access the stored data programmatically, specific institutions can use the Qualia Analytics APIs, which use JWT authentication tokens to provide secure access with short-lived access tokens that can be refreshed programmatically.


Data Encryption: We encrypt all requests in transit, at rest and in all our backups. Qualia Analytics systems can only be accessed through the HTTPS protocol to ensure data integrity, confidentiality, and availability.


Data Portability: Qualia Analytics enables you to export your data from our system in a variety of formats such as XLS, CSV, PDF, HTML, SPSS so that you can back it up, or use it with other applications.


Privacy: We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how long we retain it.

Availability

High Availability: Our application servers are placed behind a load balancer to handle the traffic and auto-scale when needed. Our databases are set up as sharded clusters; therefore, if the server fails, a new primary node will be promoted.


Power: Servers have redundant internal and external power supplies.


Uptime: Continuous uptime monitoring, with immediate escalation to Qualia Analytics staff for any downtime.

Network Security

Third Party Scans: Weekly security scans are performed by Qualys.


Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.


Firewall: The firewall blocks access to all web server ports except 80 (HTTP) and 443 (HTTPS). Our database servers are only accessible from the internal network.


Patching: The latest security patches are applied to all operating system and application files to mitigate newly discovered vulnerabilities.


Access Control: Role-based access is enforced for systems management by authorized engineering staff.


Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.

Storage Security

Backup Frequency: Automatic database backups are scheduled to run every hour. Backups are encrypted using public-private key encryption and stored in multiple geographically disparate sites. Database backups are stored for 1 year, allowing a system to be fully restored from any point in time.


Production Redundancy: Data is stored on a RAID 10 array. The O/S is stored on a RAID 1 array.

Organizational & Administrative Security

Training: We provide security training where appropriate.


Audit Logging: We maintain and monitor audit logs on our services and systems (our logging systems generate gigabytes of log files each day).


Two-factor security: Two-factor security is enforced on all our critical systems to avoid password compromises.

Software Development Practices

Stack: We code in JavaScript, Java, PHP and Go. Our data is stored in MongoDB, MySQL and Redis. Our production servers run on Ubuntu LTS versions.


Coding Practices: Our engineers use best practices and industry-standard secure coding guidelines to ensure the code produced is reliable, robust and secure.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Qualia Analytics learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulations, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our website if a breach occurs.

Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any survey data you download to your own computer away from prying eyes. Your password can be changed by accessing your Account Settings via the dashboard. You may also enable 2-factor security from your account settings for additional security.

Custom Requests

Specific security questions can be addressed by contacting our System Administrators, and your question and accompanying details may be forwarded to a member of our Development Team.