Security Policy

Last Updated: February 20, 2025

At Quizgecko, security is a top priority. We are committed to protecting user data and ensuring the integrity of our systems. This Security Policy outlines the technical and organizational measures we implement to safeguard personal data and maintain service reliability.

1. Data Protection & Encryption

  • All data in transit is encrypted using TLS 1.2 or higher, and we implement industry-standard security measures to safeguard stored data
  • Sensitive data, including passwords, is hashed and stored securely

2. Access Control & Authentication

  • User authentication is secured using industry-standard bcrypt hashing
  • Two-factor authentication (2FA) is supported for all system access by our team members
  • Role-based access control (RBAC) restricts access to sensitive data
  • Employees and contractors have least privilege access to systems
  • Access to log information is highly restricted and available only to trusted developers
  • Log access requires either SSH key authentication or our centralized log management platform (Papertrail) protected by 2FA

3. Infrastructure Security

  • Hosted on Hetzner, a secure cloud infrastructure provider with ISO 27001 certification
  • Content delivery and DDoS protection provided by Cloudflare
  • Regular security patches and updates applied to all systems

4. Monitoring & Incident Response

  • 24/7 monitoring for security threats, unauthorized access, and system anomalies
  • Automated alerts for unusual activity, reviewed by security personnel
  • Incident response plan in place to handle security breaches and notify affected users

5. Data Retention & Log Management

  • User data is retained only as long as necessary for service provision
  • Log information is automatically deleted after 2 weeks to balance security and operational needs
  • Measures are in place to prevent sensitive user data from being stored in logs
  • All passwords are hashed immediately upon receipt

6. Compliance & Best Practices

  • Adheres to UK GDPR and EU GDPR for data protection and processing
  • Regular security audits and penetration testing conducted
  • As we continue to mature our security program, we will evaluate formal ISO 27001 certification and further refinements to access controls

7. Reporting Security Issues

If you believe you have discovered a security vulnerability, please contact us at [email protected]. We take all reports seriously and appreciate responsible disclosure.

For more details on our security practices, please review our Privacy Policy and Data Processing Addendum.
