Login

Quickscribe Security

Quickscribe has taken significant measures to ensure that information and annotations posted on our site are secure. This page will provide you with an overview of the security environment.

How and where is the data stored?

Annotation data is stored in a table within a MySQL database on the Quickscribe web server. The server and backups are located within Canada and satisfy all requirements of Section 30.1 of the BC Freedom of Information and Protection of Privacy Act (BC-FOIPOP or FIPPA) in regard to the storage and access of data. Refer to our Privacy Policy.

What is the physical security at the server location?

The following protocols are in place at the main server facility:

Access key cards or biometric scanning
24/7/365 on-site security guards
SSAE 16 certified (n/a in all locations)
Dual interlocking door and tailgate-proof mantrap

What is the application security?

The server is accessed for management using SSH (encrypted). Any transfers of data/databases/install-packages to and from the live server are done using scp/sftp (fully encrypted).

All database queries are run through a database abstraction layer to prevent SQL Injection (hacking).

Who has access to it?

Only Quickscribe personnel and authorized Quickscribe developers with webserver access and database access privileges can see the data in the database.

Additionally, those Quickscribe staff members that do have administration privileges are limited to the type of data they can view as they cannot read the annotation text and only see that users are posting annotations via the administrative interface. Annotation text on Organizational and Private Annotations is fully encrypted and never displayed to administration staff.

Permissions

Permissions are a type of security that is used within the application that prevents one user from seeing another user's data. Whenever a user views any annotation, the annotation is checked against the current user's encrypted password to see if they are allowed to view that annotation. If they don't have access to the annotation, it won't be displayed.

Overview of permission rules:

Encryption: Which fields are encrypted?

All text within Private and Organizational Annotations are encrypted. This data is not encrypted on Community annotations since they are considered public. Those posting annotations also have the ability to upload and attach a document to an annotation.

While these documents will follow the same authentication rules as the annotations (documents attached to an Organizational Annotation can only be viewed by those in your organization), the documents themselves will not be encrypted.

A message stating this fact will be prominently displayed when uploading such a document.