Security Statement of EyeQuestion Software
This security statement explains how by Logic8 B.V. trading as EyeQuestion Software (“us”, “we”, or “our”) protects customer data when using products and services offered by EyeQuestion Software. We refer to those products, services and websites collectively as the “services” in this statement.
For questions about our security statement, please do not hesitate to contact us.
Email us at: [email protected]
Call us on: +31 (0)481 350 370 or
Write to us at: Nieuwe Aamsestraat 90D, NL-6662NK, Elst, The Netherlands
EyeQuestion Software is dedicated to protecting all customer data using industry best standards. Our customer base demand the highest levels of data security and have tested our services previously to verify that it meets their standards. In each case, we have surpassed expectations and received high praise from large international organisations.
Ways we protect our customer data
EyeQuestion Software’s most important concern is the protection and reliability of customer data.
- Our servers are protected by high-end firewall systems, and scans are performed regularly to ensure that any vulnerabilities are quickly found and patched.
- Complete penetration tests are performed regularly.
- All services have quick failover points and redundant hardware, with backups performed daily.
- Access to systems is severely restricted to specific individuals, whose access is monitored and audited for compliance.
This Security Statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected. Customer data is stored in a secure location. In addition, all data is solely processed in that location, and is never moved to another jurisdictional area. In other words, if data is collected in the EU, all data is also processed and stored in the EU. Options for physical server locations are currently; Ohio (USA) and Frankfurt (Germany).
EyeQuestion Software uses the most advanced technology for Internet security which is currently commercially available. EyeQuestion Software uses Transport Layer Security (TLS) encryption (also known as HTTPS) for all transmitted data. Our services are hosted by trusted data centers that are independently audited using the industry standard SSAE-16 method. EyeQuestion Software is ISO 27001/2022 certified and therefore meets or exceeds the minimum requirements as outlined in ISO 27001/27002.
EyeQuestion is fully compatible and comply with General Data Protection Regulation (GDPR) requirements.
EyeQuestion runs on dedicated and fully managed cloud servers hosted within a secure state-of-the-art data center run by AWS, the world’s leading hosting company.
The main reason we have chosen AWS as our hosting company is that they comply to the most important security certifications and standards.
Using Physical server security and the security of data are ensured through several industry standard safeguards, including:
1. Physical security of data center
AWS data centers hosting EyeQuestion services are fully certified and independently audited. Specific security initiatives including:
- Staffed 24x7x365 with separate security lobby and continual surveillance. Electronic security features with card key access.
- Data center access limited to AWS approved personnel.
- Security camera monitoring at all data center locations with CCTV archived video as well as alarm systems.
- Unmarked facilities with confidential physical addresses (restricted to authorized AWS personnel).
2. AWS provide several network protection and firewall systems including:
- Redundant 3-tier LAN Architecture
- Zero-Downtime guarantee protected by dedicated firewall
- Port Monitoring Service
- Anti-virus protection with the EyeQuestion servers running the latest versions of anti-virus with anti-virus signatures updated daily.
3. Hardware availability
Hardware availability is ensured through the choice of AWS world-class data centers with redundant power and HVAC systems, and covered by a worst case scenario 1-hour Hardware Replacement guarantee ensuring that any hardware faults are repaired immediately no matter what time they may occur. There is a 2-hour commencement of onsite data restores in the event of a worst-case scenario hardware failure – ensuring that a new server is up and running again with recovered data within 2 hours.
Server availability and performance
In addition to automatic alerts, EyeQuestion Software’s approved personnel routinely checks the EyeQuestion system status to ensure optimum performance. These checks include web applications, services and the EyeQuestion database integrity. EyeQuestion uses Managed Services for AWS which continuously monitors the availability of all standard ports, CPU, Memory, Disk space and if any test fails the 24x7x365 support staff will initiate an automatic restart of the server. Cloudflare is used to ensure a fast, reliable content delivery network with added CDN, DNS, DDoS protection and security.
Data redundancy, backup and restore
EyeQuestion makes use of AWS Managed Backup facility. This fully managed daily backup over a dedicated backup network and uses an integrated system of Daily and Weekly Encrypted Backups and System images. All daily backups are retained for 30 days, weekly backups for 60 days. System Images are created daily as well as weekly and are retained for 7 days.
Disaster recovery
Many parts of EyeQuestion’s own disaster recovery plan are also covered by our data center supplier – AWS. This includes automatic replacement of faulty hardware, data recovery and restarting of servers by the 24x7x365 support staff at AWS.
Software updates
The EyeQuestion application and Systems are updated and installed using patched Systems. All updates are tested prior to installation to ensure full compatibility with EyeQuestion.
Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security.
However, if EyeQuestion learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various state and federal laws and regulation, as well as any industry rules or standards that we adhere to. Notification procedures include providing email notices and/or posting a notice on our website if a breach occurs.
Your Responsibilities
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. As a user of EyeQuestion, you should also ensure that you have sufficient security on your own systems, to keep any survey data you download to your own computer away from prying eyes. We offer TLS to secure the transmission of survey responses, but it is your responsibility as a EyeQuestion user to ensure that your surveys are configured to use this feature where appropriate.
Custom Requests
For specific security questions or custom security requirements please contact our Support team on [email protected]