Security & Data Protection

Last updated:

Your security and privacy are our top priorities. Learn about the comprehensive measures we take to protect your data, secure our platform, and maintain the highest standards of information security.

Security at a glance

End-to-end encryption

All data is encrypted in transit and at rest using industry-standard AES-256 encryption.

SOC 2 compliance

We follow SOC 2 Type II standards for security, availability, and confidentiality.

24/7 monitoring

Continuous security monitoring and automated threat detection across all systems.

1. Data Encryption

Encryption Standards

  • Data in Transit: All data transmitted between your browser and our servers is protected using TLS 1.3 encryption
  • Data at Rest: All stored data is encrypted using AES-256 encryption with regularly rotated keys
  • Database Encryption: Database files, backups, and logs are encrypted at the storage level
  • Key Management: Encryption keys are managed through AWS Key Management Service (KMS) with strict access controls

We implement multiple layers of encryption to ensure your quiz content, user responses, and personal information remain secure throughout their entire lifecycle on our platform.

2. Infrastructure Security

Cloud Infrastructure

  • Hosted on secure AWS infrastructure
  • Multi-region redundancy for high availability
  • Auto-scaling security groups and firewalls
  • Regular security patches and updates

Network Security

  • Web Application Firewall (WAF) protection
  • DDoS protection and rate limiting
  • Network segmentation and isolation
  • Intrusion detection and prevention systems

Our infrastructure is built on enterprise-grade cloud services with multiple layers of security controls, ensuring high availability and robust protection against various types of attacks.

3. Access Controls

Principle of Least Privilege

We implement strict access controls based on the principle of least privilege, ensuring users and systems only have access to the minimum resources necessary to perform their functions.

  • Role-Based Access: User permissions are assigned based on roles and responsibilities
  • Regular Access Reviews: Quarterly reviews of user access and permissions
  • Automated Deprovisioning: Immediate removal of access when employees leave or change roles
  • Administrative Controls: Multi-person approval required for sensitive operations

4. Authentication & Authorization

User Authentication

  • Strong password requirements
  • Multi-factor authentication (MFA) available
  • Session management with automatic timeout
  • Account lockout protection

System Authentication

  • API authentication using secure tokens
  • Service-to-service mutual TLS
  • Regular credential rotation
  • OAuth 2.0 and OpenID Connect support

Security Recommendation

We strongly recommend enabling two-factor authentication (2FA) on your account for an additional layer of security.

5. Data Backup & Recovery

Backup Strategy

  • Real-time: Continuous replication
  • Daily: Automated backups
  • 99.9%: Recovery guarantee

  • Automated Backups: Daily encrypted backups stored across multiple geographic regions
  • Point-in-Time Recovery: Ability to restore data to any point within the last 30 days
  • Disaster Recovery: Comprehensive disaster recovery plan with a recovery time objective (RTO) of 4 hours and a recovery point objective (RPO) of 1 hour
  • Regular Testing: Monthly backup restoration tests to ensure data integrity

6. Vulnerability Management

Security Testing & Assessment

Automated Security

  • Continuous vulnerability scanning
  • Dependency security monitoring
  • Static code analysis (SAST)
  • Dynamic application testing (DAST)

Manual Security

  • Annual penetration testing
  • Security code reviews
  • Bug bounty program
  • Third-party security audits

We maintain a proactive approach to vulnerability management with both automated and manual security testing to identify and remediate potential security issues before they can be exploited.

7. Incident Response

24/7 Security Operations Center (SOC)

Our dedicated security team monitors our systems around the clock, ready to respond to any security incidents immediately.

  • 15 min: Detection time
  • 30 min: Response time
  • 2 hours: Containment
  • 24 hours: User notification

Incident Response Process

  • Detection & Analysis: Automated monitoring systems and security team analysis
  • Containment & Eradication: Immediate steps to contain threats and remove malicious activity
  • Recovery: Restore normal operations with enhanced security measures
  • Post-Incident Review: Comprehensive analysis and improvement of security measures

8. Compliance & Certifications

Current Certifications

  • SOC 2 Type II
  • ISO 27001 (in progress)
  • GDPR Compliant
  • CCPA Compliant

Industry Standards

  • NIST Cybersecurity Framework
  • OWASP Security Guidelines
  • CIS Controls
  • SANS Security Principles

We maintain compliance with major security frameworks and privacy regulations to ensure our platform meets the highest standards for data protection and security.

9. Employee Security

Human Security Measures

  • Background Checks: Comprehensive background verification for all employees
  • Security Training: Mandatory security awareness training for all staff
  • Clean Desk Policy: Physical security protocols for workspace security
  • Device Management: Company-issued devices with endpoint protection
  • Remote Work Security: VPN requirements and secure communication tools

10. Third-Party Security

Vendor Security Management

We carefully evaluate and monitor all third-party vendors and service providers to ensure they meet our security standards.

  • Due Diligence: Security assessments before vendor onboarding
  • Contractual Requirements: Security clauses and data protection agreements
  • Ongoing Monitoring: Regular security reviews and compliance audits
  • Incident Coordination: Joint incident response procedures with key vendors

Trusted Partners

We work with industry-leading security-certified providers including AWS, Vercel, Supabase, and other SOC 2 compliant services.

11. Security Awareness

User Security Best Practices

Account Security

  • Use strong, unique passwords
  • Enable two-factor authentication
  • Log out from shared devices
  • Review account activity regularly

Data Protection

  • Avoid sharing login credentials
  • Be cautious with public Wi-Fi
  • Keep browsers and devices updated
  • Report suspicious activity

Security Awareness

Security is a shared responsibility. While we implement comprehensive security measures, your participation in security best practices helps protect your account and data.

12. Security Reporting

Responsible Disclosure

We encourage the security community to help us maintain the highest security standards. If you discover a security vulnerability, we ask that you report it responsibly.

How to Report

  • Email: musa@aiquizbuilder.com
  • Include detailed reproduction steps
  • Provide proof-of-concept if safe
  • Use encrypted communication if needed

Our Commitment

  • Acknowledge receipt within 24 hours
  • Provide regular status updates
  • Credit researchers (with permission)
  • No legal action for good-faith research

Security Incident?

If you believe you've discovered an active security incident or breach, please contact us immediately or call our emergency hotline.

Security Transparency

Security Metrics

We publish quarterly security metrics and incident reports to maintain transparency with our users.

Continuous Improvement

Our security program evolves continuously based on threat intelligence and industry best practices.

Community Input

We actively engage with the security community and value feedback to enhance our security posture.

Questions about our security practices? Our security team is here to help.

Contact Security Team

Your security is our priority

Start creating secure quizzes with confidence. Our enterprise-grade security protects your data every step of the way.