Millisecond Software, LLC takes your security and privacy concerns seriously. This Security Statement is intended to provide a transparent look at our security infrastructure and practices to help assure that your data are sufficiently protected.
Inquisit Lab enables data collection on dedicated computers and laptops that may or may not have network access. Data from each Inquisit testing session is by default saved locally on the device in the same folder as the script. Inquisit Lab is designed to work with access restriction and disk encryption tools provided by the computer's operating system as well as most third party vendors.
Millisecond provides each customer a unique user name and password that must be entered each time a customer logs on. Millisecond issues a session "cookie" only to record encrypted authentication information for the duration of a specific session. The session "cookie" does not include either the username or password of the user. Millisecond does not use "cookies" to store confidential user and session information, but instead implements more advanced security methods based on dynamic data and encoded session IDs.
Customers login to secure areas of the site using industry standard Secure Socket Layer (SSL) technology, which protects data using both server authentication and data encryption, ensuring that data are safe, secure, and available only to customers providing valid login credentials for the account.
Password and credit card information are always sent over secure, encrypted SSL connections.
Data from participants are always uploaded to the server using secure, encrypted SSL connections.
Customers can delete data from the server at any time, at which point the data are completely removed from server and, after a 1-week buffer, from our tape backup system. If a customer does not delete the data, they are retained on the server for 5 years, after which Millisecond may delete or archive the files at its discretion.
We are PCI-DSS compliant. If you purchase our products using a credit card, your card number, expiration date, CVS code, billing name, and billing address are transmitted directly to our credit card processor in order to process the transaction. Only the billing name, address, and last 4 digits of the card number are stored in our systems.
Millisecond’s web servers are located in Overland Park, Kansas, USA. The facility is staffed and surveilled 24/7. It is secured by security guards, visitor logs, and entry requirements (card keys and biometric recognition), and digital surveillance equipment that monitors the data center. The facility has environmental controls for temperature, humidity, and smoke/fire detection. The facility has SAS70, ISO27002, and PCI certification.
The servers reside behind high-availability firewalls and signature-less and signature-based intrusion prevention systems. All network layers are scanned in real time to detect spyware, spam, viruses, worms, Trojans, Web-based exploits, and blended threats. Automated network security audits are conducted to the standards and requirements of the SANS/FBI security test, the U.S. Department of Homeland Security's published recommendations and the Payment Card Industry Data Security Standard.
All software on the server is kept current with the latest patches, updates, and service packs. To reduce the surface area exposed to attacks, the servers run only those software components that are mission critical, with all non-essential components and functions removed or disabled.
The web site is coded in ASP.NET 4.0 running on Windows 2008 Server and SQL Server 2008.
Our engineers use best practices and industry-standard secure coding guidelines to ensure secure design and implementation.
Access to sensitive data and systems is granted on an as-needed basis. All newly hired personnel with access to sensitive data are subject to background checks. We maintain audit logs on all of our systems that provide an exhaustive account of which personnel have accessed which systems. We also maintain internal information security policies, including incident response plans, and regularly review and update them.
Despite best efforts, no method of transmission over the Internet, or method of electronic storage, is perfectly secure. Therefore, we cannot guarantee absolute security. If Millisecond learns of a security breach or potential security breach, we will attempt to notify affected users electronically so that they can take appropriate protective steps. Millisecond may also post a notice on our website if a security breach occurs. Of course, any security breach will be fully investigated to determine how the breach occurred and what data and systems might have been affected in order to prevent such an incident from happening again in the future.
If you have questions about Millisecond security, please email us at .