Magpi takes the security and the safety of your data very seriously. We use the best tools and engineering practices available to build and maintain the Magpi system, and we have a dedicated team making sure that the system is secure. Your files are stored securely and backed-up in at least two locations in two US cities at least daily – though we also strongly recommend that you regularly download and backup your data independently. Your account login is protected by many layers of security including password verification.

Other Magpi users can’t see the data for any of your forms in Magpi, or your account data, unless you deliberately give them the privileges to do so (via the Sharing tab). Note that forms (ie, the questions and logic) are visible by default  to all users of the Magpi system, unless you specifically make the forms private (via the Properties tab).

Magpi employees are prohibited from viewing the form data or other data you store in your account unless you share it with them for purposes of support. Employees may access metadata (e.g., data file names and size and locations) when they have a legitimate reason, like providing technical support. Like most online services, we have a small number of employees who must be able to access user data for the reasons stated in our privacy policy (e.g., when legally required to do so). But that is very unusual. We have strict policies that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and technical security measures to protect user information from unauthorized access by any other parties.

More technical information:

  • The Magpi website and client software are constantly being evaluated and hardened to enhance security and protect against attacks.
  • Full-device encryption can be accomplished on Android, and iPhone platforms using the built-in tools for each of those platforms (on the iPhone, this is a 1 minute process).
  • While most Magpi users utilize the internet (e.g. GPRS, 3G, wifi, etc) to download forms to mobile devices, and to upload data, it is possible to enter data from any phone by SMS, or to upload data from the Symbian app by SMS, or to send information by SMS. The data in those cases is not encrypted, and this is therefore the least secure way to transmit information.
  • Public files are only viewable by people who have a link to the files.
  • Magpi uses Rackspace Cloud Storage for data storage, which has a robust security policy of its own. You can find much more information on Rackspace Security here.
  • Magpi uses modern encryption methods to transfer your data, including Secure Sockets Layer (SSL) and AES-256 bit encryption (with the exception of data transmitted by SMS). Like your bank, Magpi.com utilizes Verisign’s Extended Validation SSL (EV-SSL) certificate, identifiable by the green notice in your URL bar, which incorporates:
    • 256 bit encryption
    • Daily website malware scanning

 

Revised September 2014