Quickfire Interactive is owned and operated by Catalyst Global Limited. This Privacy Policy describes Catalyst Global's policies and procedures on the collection, use and disclosure of your information when you use the Quickfire Interactive application offered by Catalyst Global and its licensees and tells you about your privacy rights. This information should be read in conjunction with the Catalyst Global Privacy Policy.
Security Overview
Quickfire Interactive:
has passed the App Store and Play Store and Huawei Store review
is hardcoded to only connect to the Quickfire Interactive servers (only a compromised device or a compromised network could connect it to malicious servers, in which case all data on the device would already be compromised.)
uses https encrypted connections to servers and storage.
Servers
hosted on Digital Ocean - https://www.digitalocean.com/legal/data-security/
hosted in the Digital Ocean NYC1 datacenter, New York,
3 members of the development team have admin
SSH keys are used for authentication
Quickfire Interactive databases
Digital Ocean managed databases - https://www.digitalocean.com/products/managed-databases/
Firewall rules do not allow external access for test and production databases, they can only be accessed from the Quickfire Interactive servers
Quickfire Interactive content and assets
Assets stored on Digital Ocean Spaces - https://www.digitalocean.com/docs/spaces/#features
Catalyst Global allows its licensees to create activity templates for its clients
Participants are not required to have a registration or subscription and do not need to provide any personal information to play an activity.
Uploaded user media
Photos and videos can be uploaded through the
All media generated by participants is stored in the Digital Ocean SFO1 region which is SOC2 Type II and PC-DSS - https://www.digitalocean.com/docs/spaces/#features
SSL encrypted in transit
Access keys are required to list directory
Direct download only possible if you know the filename, but filenames are randomly and uniquely assigned based on an MD5 hash, eg: 3c775a27665e57bef3b4adae1aa09c9987b91f4aea3ea69805ed04527a8f9d82.mp4
Uploaded user data
Text and other answers are transmitted over https
All text answers entered by participants are stored in the Digital Ocean NYC1 region which is SOC2 Type II and ISO/IEC 27001:2013
For more information and to obtain a copy of the certificates please see: https://www.digitalocean.com/trust/certification-reports/
Storage, Archive, Delete Process
Information and media gathered during any event is held for a period of 28 days unless immediate deletion is requested by the client
After 28 days the data is archived and stored in a limited function account.
Data including any cached or backup copies, are deleted 28 days after the start of the archive
Device data
The following data is collected for each device by Huawei/Google/Apple using Quickfire Interactive and can be viewed by the development team via Huawei/Google/Apple dashboards:
