How is your data secured?
March 31, 2020
This article has not been updated recently
We also try to minimize the amount of personally identifiable information we collect (e.g. we ask for year of birth, but not date of birth, and zipcode, but not street address), while recognizing that the research does require some basic demographic info.
We also implement security best practices to avoid that data falling into the wrong hands. To do that we use several technologies:
Project Galileo by Cloudflare
As a public interest group conducting vital research our services are kindly protected by Cloudflare for free under Project Galileo. This helps us fight distributed denial of service (DDoS) attacks - from individual hackers as well as adversary groups or governments - to keep our service online. Cloudflare's technology is used by IBM, Thomson Reuters and Zendesk amongst others.
We use Sqreen to protect accounts from hacking and other malicious activities. Their services help us to prevent data breaches, stop account takeovers, and block service logic attacks.
We partner with Pentest to uncover and remedy security vulnerabilities within our infrastructure.
We encrypt any user data we store or transfer. Encryption is a way of scrambling data so that only authorized parties can understand the information. In simple terms, encryption takes readable data and alters it so that it appears random.
Data is transferred over HTTPS to our servers, this is the same transfer protocol that would be used if you enter your credit cards details on a website. Data is also encrypted at rest by our database.
In the unlikely event that our security is compromised – we have partnered with Digital Shadows who monitor the regular web and the dark web to detect data leakage.