Security Statement
We are committed to following industry best practices to ensure the security of our platform and your data.
12 March 2023
This document outlines the practices at Assessment Generator to keep your data and your respondents’ data secure.
Physical Security
All production systems are hosted on servers provided by a third-party cloud hosting platform. That hosting provider employs industry-standard physical access controls to prevent unauthorized access to server infrastructure.
Employees of Assessment Generator who have access to customer data use up-to-date operating systems and the access controls provided in the operating system to prevent unauthorized access to their devices.
Compliance
The Assessment Generator platform fully complies with the European general data protection regulation (GDPR).
By default, assessments created on the platform are also GDPR compliant. Assessment authors may substitute their privacy policy on their assessments. If they do so, it is incumbent upon the assessment author to ensure that their privacy policy meets that standard.
Access Control
Agolix implements industry standard access control protocols for all servers and databases, using standard strong password techniques. All employees are required to utilize password protection on their devices.
Data Security
- All data transfer to and from Assessment Generator production servers is encrypted. This includes web traffic (HTTPS) and transfers performed as part of development (SSL, SCP, etc.).
- Access to servers is restricted to authorized users by means of strong and unique passwords and limiting such access to only personnel that require it.
- Frequent data backups are maintained to allow for timely disaster recovery.
- All passwords stored in our database are encrypted using Bcrypt.
- Assessment Generator utilizes a third-party payment processor. Assessment Generator does not store full credit card numbers, and Assessment Generator employees cannot access client card numbers.
Breach notification
Although we employ industry-standard security protocols, no system is guaranteed 100% safe. If Assessment Generator learns of a data breach, we will promptly notify affected clients.