Quickscribe has taken significant measures to ensure that information and annotations posted on our site are secure. This page will provide you with an overview of the security environment.
Annotation data is stored in a table within a MySQL database on the Quickscribe web server. The server and backups are located within Canada and satisfy all requirements of Section 30.1 of the BC Freedom of Information and Protection of Privacy Act (BC-FOIPOP or FIPPA) in regard to the storage and access of data. Refer to our Privacy Policy.
The following protocols are in place at the main server facility:
Access key cards or biometric scanning
24/7/365 on-site security guards
SSAE 16 certified (n/a in all locations)
Dual interlocking door and tailgate-proof mantrap
The server is accessed for management using SSH (encrypted). Any transfers of data/databases/install-packages to and from the live server are done using scp/sftp (fully encrypted).
All database queries are run through a database abstraction layer to prevent SQL Injection (hacking).
Two-factor authentication (TFA) is required to access the QS administrative database.
Only Quickscribe personnel and authorized Quickscribe developers with webserver access and database access privileges can see the data in the database.
Additionally, those Quickscribe staff members that do have administration privileges are limited to the type of data they can view as they cannot read the annotation text and only see that users are posting annotations via the administrative interface. Annotation text on Organizational and Private Annotations is fully encrypted and never displayed to administration staff.
Permissions are a type of security that is used within the application that prevents one user from seeing another user's data. Whenever a user views any annotation, the annotation is checked against the current user's encrypted password to see if they are allowed to view that annotation. If they don't have access to the annotation, it won't be displayed.
All text within Private and Organizational Annotations are encrypted. This data is not encrypted on Community annotations since they are considered public. Those posting annotations also have the ability to upload and attach a document to an annotation.
While these documents will follow the same authentication rules as the annotations (documents attached to an Organizational Annotation can only be viewed by those in your organization), the documents themselves will not be encrypted.
A message stating this fact will be prominently displayed when uploading such a document.