Data Privacy

Acceptance of These Terms of Service

At StarQuiz AI, the security of your data is our highest priority. We are committed to transparency about how we handle security and ensure your data is protected. If you have additional questions regarding security, please contact us at cem@starquiz.ai. We will respond as quickly as possible.

Confidentiality

We enforce strict controls over employee access to the data provided via StarQuiz services, as defined in agreements covering the use of our services (“Customer Data”). We are dedicated to ensuring that Customer Data is accessed only by those with legitimate need.To operate and support the StarQuiz services, certain employees may have access to systems that store and process Customer Data. For example, diagnosing a technical issue may require limited access to your Customer Data.

These employees are prohibited from accessing Customer Data unless absolutely necessary, and all such access is logged.We implement technical controls, audit policies, and require all employees and contract personnel to adhere to our strict Customer Data policies. Breaches of these policies are treated with the utmost seriousness.
‍

Compliance

StarQuiz services are hosted in environments that maintain multiple certifications for their data centers, including:
‍
•SOC Reports
‍
For additional details about certifications and compliance, refer to the StarQuiz hosting provider’s Trust and Security website.
‍

Data Encryption In Transit and At Rest

StarQuiz services use modern encryption standards to ensure data protection:

• Encryption in Transit: All traffic between systems and clients is encrypted using the latest recommended secure cipher suites and protocols.

• Encryption at Rest: Customer Data is encrypted when stored.

We monitor the evolving cryptographic landscape to identify potential weaknesses and promptly implement updates to maintain best practices while balancing compatibility for older systems when appropriate.‍

Availability‍

We recognize that the availability of StarQuiz services is critical to your workflow. Our systems are designed to ensure high availability through fault-tolerant infrastructure, capable of withstanding server or data center failures.

The StarQuiz operations team performs regular disaster recovery tests and maintains a 24/7 on-call team to quickly address unexpected incidents.‍

Disaster Recovery

To ensure availability, Customer Data is stored redundantly across multiple locations in our hosting provider’s data centers.

• Backups of Customer Data and source code are automatically created nightly.

• Restoration processes are thoroughly tested and allow us to recover from significant disasters.

• The operations team is immediately alerted in case of a failure in backup systems.‍Network ProtectionStarQuiz employs sophisticated monitoring and network security measures, including:

• IP Allowlisted Authentication: All server access requires authentication from pre-approved IP addresses.

• Firewall Configuration: Firewalls are set up following industry best practices, with unnecessary ports blocked using security group configurations.

Logging

Our production environment features centralized logging systems that track metrics related to:

• Security

• Monitoring

• Availability

• Access

Logs are continuously analyzed for anomalies and security events using automated monitoring tools, overseen by our dedicated security team.

Incident Management & Response

In the event of a security breach, StarQuiz will promptly notify affected users of any unauthorized access to Customer Data. We have detailed incident management policies and procedures in place to handle such events effectively and minimize potential impact.

External Security Audits

StarQuiz engages in ongoing security compliance efforts, including:

• Automated Compliance Monitoring: Using DSALTA to perform continuous audits.

• Regular Assessments: Conducting internal self-assessments bi-annually to ensure alignment with industry standards.

• Web Platform Scanning: Leveraging hybrid automated scanning tools to regularly evaluate the security of our platform.‍

Product Security Practices

All new features, functionality, and design updates undergo a rigorous security review process, which includes:

• Security reviews facilitated by our security team.

• Automated static code analysis.

• Manual peer reviews and testing before deployment.

Our security team collaborates closely with development teams to address any vulnerabilities identified during the development process.Contact UsIf you discover a vulnerability in StarQuiz, please report it to cem@starquiz.ai.