
Built with Security in Mind

Introduction

Our product offering operates on the premise of highly accurate data; as such, security forms a core part of our business. To that end, we employ several strategies and policies that aim to ensure our code and back-end application do no harm to your website and provide highly accurate and secure data.

Trusted by Thousands Every Day

Our backend infrastructure and code snippets are deployed on literally thousands of sites every day. For this reason, security sits as our top priority during every update release and monthly review.

Security Basics

Each embedded code snippet is unique to your account and survey/quiz. The snippet is only updated when your project is saved. We use JavaScript and CSS to create embedded surveys/quizzes. The code snippet is fetched over HTTP or HTTPS depending upon your site's settings. At no point does our code snippet collect information regarding your website visitors or modify your existing code.

Authentication

We require authentication for all management and data access features. Pages intended to be public are served over an SSL-encrypted connection but do not require account authentication. All management and reporting features must be trusted by a validated account which is authenticated over an SSL-encrypted connection. We do not enforce password complexity requirements but recommend the following: passwords should be a minimum of 8 characters and include a mix of uppercase and lowercase letters, symbols and numbers. We also permit account access via Facebook and Google+ verification. Passwords are hashed and stored in a secure SQL database. No plain-text passwords are stored. Multiple invalid login attempts are monitored and will result in account lockout. Account access may be restored with email verification.

We encourage users to periodically update passwords and never use a password shared with another website.

Session Management and Tracking

Each time a user visits our site, a unique session identifier is created, which allows us to collect anonymous website tracking statistics. We utilize Google Analytics for tracking. Examples of information collected include:

  • Date and Time of Visit
  • IP Address
  • Browser and Operating System
  • Screen Resolution and Device Type
  • Interactions with Content
  • IP Geolocation

Encrypted Communication

All direct survey/quiz results are posted using 256-bit Rapid SSL encryption updated to use the strongest cipher suites available.

User Permissions

Each user is assigned access to only a single authenticated account. No users, including our staff, may access multiple user accounts under a single login. Standard and premium accounts provide only a single type of user account. This account provides full reporting and edit permissions to the authenticated account. Enterprise accounts are split into Administrator and Report roles. Administrators have full edit and reporting permissions and may access account and billing information. Report roles are limited to reporting features.

Audit Logging

We maintain extensive logs in order to review and improve security as well as performance. We log the following:

  • Account Creation
  • Sign-in
  • Sign-out
  • Quiz Creation
  • Quiz Publish
  • Quiz Update
  • Quiz Archiving
  • Quiz Responses
  • Account Upgrade/Downgrade

We record digital fingerprint, IP, browser tag and other related meta fields in our logs. At no time will these logs be made public.

Security Development Cycle

The Quiz Maker development cycle incorporates security as a primary and ongoing focus. The following provides a brief overview of the development cycle.

  1. Initial security requirements defined
  2. Function development
  3. Threat model analysis, security risks and vulnerabilities analysed
  4. Peer code review
  5. Security testing and vulnerability assessment
  6. Feedback based review and refinement

Security Reviews

We utilize automated code vulnerability assessments to find common bugs. Each new feature and update undergoes rigorous testing and review on our dedicated testing platform prior to publishing. Manual code reviews are undertaken by peers. We periodically conduct third-party security assessments utilizing various vendors.

Bug Feedback Policy

We encourage our users to conduct security assessments but ask to be notified beforehand. We proactively pursue and monitor attacks daily. We consider user feedback integral to the development of our platform and will work with site visitors and customers to ensure the security of our platform and your data.

Information Access

Access to customer information is restricted within our business to the bare minimum of staff required. Access is granted only when it is required in order to support or perform core duties. We rely upon this information in order to evaluate usage trends and form plans for the development of new features. Sensitive information is never shared with anyone outside our business, including third-party contractors. We will never share or sell or otherwise disclose any data collected for any purpose. Employees are subject to disciplinary action, including but not limited to termination, if found to have breached allocated access.

Back End Infrastructure

We utilize the services of Liquid Web to maintain co-location dedicated servers in Michigan and Arizona. Our data centre facilities include:

  1. 24/7/365 hardware support
  2. Military grade redundant power grid
  3. 24/7/365 dedicated onsite security officer
  4. Motion detecting cameras
  5. 22 ton up flow cooling
  6. Tier-1 6 way redundant 1Gbps bandwidth

Our servers operate on Windows Server 2012 and have full disk encryption enabled. Nightly backups of code and data are stored offsite. Servers are patched automatically and reviewed regularly.

Incident Response and Uptime Record

Our security staff receive SMS notifications of outage and security-related issues. Third-party checks for service availability are performed every 15 seconds. Average response time to outages is less than 5 minutes. We have maintained 100% uptime for a period of 18 months.

Credit Card Payments

Quiz Maker utilizes secure Stripe payment processing for online credit card transactions. Stripe provides secure payment processing for many of the web's largest sites, including Kickstarter, Pinterest and Shopify.

  • Payments are fully automated with an immediate response.
  • Your complete credit card number cannot be viewed by Quiz Maker or any outside party.
  • All transactions are performed under a 256-bit SSL certificate.
  • All transaction data is encrypted for storage within Stripe's bank-grade data centre, further protecting your credit card data.
  • Stripe is an authorised third party processor for all major banks.
  • Stripe at no time touches your funds; all monies are directly transferred from your credit card to the merchant account held by Quiz Maker.

Further Information

Quizzes deemed to be offensive, illegal or defamatory may be removed at our sole discretion. If you have a complaint about a specific quiz, please contact us via the link below and make sure you send us the link.

Should you require further clarification or have a suggestion with regard to our privacy policy, please do not hesitate to get in contact with us.