Publication date: August 8, 2018
Hope this note finds you well.
I understand that you are highly rated and used by many satisfied customers, but with all due respect I still have a few security concerns as I have a business to run.
I value the simplicity of your service; it allows me to create and customize forms at my convenience. My customers will need to use the forms that I create to upload sensitive information and documentation. I don’t know how comfortable they would feel in doing so through a system that is not as “trusted” as Oracle or Google, for example. I do trust you, but I need some kind of tangible proof that their sensitive information and documentation are safe. How can I best assure them that their data is secure?
Publication date: August 20, 2018
Hope this finds you well. I apologise for not paying in time. However, I was trying to develop an online database for my company so that they can buy the idea. It's so unfortunate that my account was closed in the due process.
In this regard, I was requested by my boss to inquire from you on the following issues:
1. How safe is the data on the application I develop? In other words, they need to know about the security of the data I will be posting on my application.
2. Can I send an SMS reminder with a customised message to someone’s phone?
3. Can this application be hosted on a mobile phone to use it so? In other words, to make it user friendly?
4. Who to pay, when and how.
5. Can I get a handler/helper/support person whom I can contact directly in case of anything, like seeking assistance and guidance?
Lastly, I kindly request you unlock my applications for only three weeks so that I can present to my bosses for review and approvals. That is my humble request.
Hope to hear from you soon from my personal mail.
Data Protection EU
Publication date: August 10, 2018
We are a small non-profit in Denmark using your platform to store some sensitive information about our members (PII). To my understanding your servers are located in California and this could leave us liable under the new data protection act. Is this true?
Publication date: September 17, 2018
Is QuintaDB secure?
We’ve done everything possible to ensure the safekeeping of your data and the data you collect. Our servers are backed up onsite and offsite to data centers.
How safe is your server?
Our servers are located in a secure environment. We use RackSpace. All data is located in the USA. Standard encryption and security technologies (128-bit SSL encryption) are employed to prevent interference or access from outside intruders.
Only employees of QuintaDB.com can access our servers, and they only have access to your data when you expressly request help or in the course of identifying and resolving problems with the QuintaDB.com service.
All data that resides on our servers is archived regularly in the event of any malfunction that causes data loss.
Will anyone be able to see my data?
Yes, if you wish. Your data can only be accessed by registered users in your application, unless you actively choose to make it public. The administrator of each application (i.e., you) controls registration of new users and what sort of access every user has.
As a company that takes data security and privacy very seriously, we recognize that QuintaDB’s information security practices are important to you. While we don’t like to expose too much detail around our practices (as it can empower the very people we are protecting ourselves against), we have provided some general information below to give you confidence in how we secure the data entrusted to us.
Data Center Security
- QuintaDB serves thousands of databases a month for thousands of users. We use multiple MTAs, placed in different world-class data centers around the United States.
- Our data centers manage physical security 24/7 with biometric scanners and the usual high tech stuff that data centers always brag about.
- We have DDOS mitigation in place at all of our data centers.
- We have a documented "in case of nuclear attack on a data center" infrastructure continuity plan.
Protection from Data Loss, Corruption
- All databases are kept separate and dedicated to preventing corruption and overlap. We have multiple layers of logic that segregate user accounts from each other.
- Account data is mirrored and regularly backed up off site.
Application Level Security
- QuintaDB account passwords are hashed. Our own staff can't even view them. If you lose your password, it can't be retrieved—it must be reset.
- All login pages (from our website and mobile website) pass data via TLS.
- The entire QuintaDB application is encrypted with TLS.
- Login pages and logins via the QuintaDB API have brute force protection.
- We perform regular external security penetration tests throughout the year using different vendors. The tests involve high-level server penetration tests, in-depth testing for vulnerabilities inside the application, and social engineering drills.
Internal IT Security
- QuintaDB offices are secured by keycard access and biometrics, and they are monitored with infrared cameras throughout.
- Our office network is heavily segmented and centrally monitored.
- We have a dedicated internal security team that constantly monitors our environment for vulnerabilities. They perform penetration testing and social engineering exercises on our environment and our employees. Our security team includes OSCP and CISSP certified members.
Internal Protocol and Education
- We continuously train employees on best security practices, including how to identify social engineering, phishing scams, and hackers.
- Employees on teams that have access to customer data (such as tech support and our engineers) undergo criminal history and credit background checks prior to employment.
- All employees sign a Privacy Safeguard Agreement outlining their responsibility in protecting customer data.
- In order to protect our company from a variety of different losses, QuintaDB has established a comprehensive insurance program. Coverage includes, but is not exclusive to: coverage for cyber incidents, data privacy incidents (including regulatory expenses), general error and omission liability coverage, excess cyber liability coverage, property and business interruption coverage, as well as international commercial general liability coverage.
QuintaDB’s credit card processing vendor uses security measures to protect your information both during the transaction and after it is complete. Our vendor is certified as compliant with card association security initiatives, including the Visa Cardholder Information Security and Compliance (CISP), MasterCard® Site Data Protection Program (SDP), and Discovery Information Security and Compliance (DISC).
Protecting Ourselves Against You
Yes, you heard that correctly. We can secure ourselves like Fort Knox, but if your computer gets compromised and someone gets into your QuintaDB account, that's not good for either of us.
- We monitor and will automatically suspend accounts for signs of irregular or suspicious login activity.
- Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
- We monitor accounts and campaign activity for signs of abuse.
- In addition to our scalable algorithms, we employ another layer of human reviewers, who monitor for anomalous account and email activity.
- We provide the ability to establish tiered levels of access within accounts.