Privacy and Security Statements

View Security Statement

Privacy Statement

Thank you for your interest in QDS-Web™, a product of NOVA Research Company (NOVA). NOVA is strongly committed to maintaining the privacy of your personal information and the security and integrity of our computer systems. With respect to the collection, use, and disclosure of personal information, NOVA makes every effort to comply with applicable federal law, including the Privacy Act of 1974, the Paperwork Reduction Act of 1995, the Freedom of Information Act, and other relevant legislation and standards.

NOVA does not collect personally identifying information about you when you visit the QDS-Web™ site unless you choose to provide such information. The information we receive depends on what actions you take when visiting our site.

When you visit the QDS-Web™ website, we collect and store the following information:

  • Internet Protocol (IP) address. An IP address is a unique identifier that enables the fundamental protocols for communication between devices connected to the Internet, for example to allow your computer to exchange information with
  • The Internet domain name of a computer accessing, such as from a corporation ("") or university ("").
  • The date, time, and duration of your visit to the site.
  • The URL of a referring page if a visitor accesses via a link on a page from a third-party site.
  • General information about your computer's configuration, such as the type and version of web browser (for example, Internet Explorer 11.0, Mozilla Firefox 26.0), operating system (for example, Unix, Mac OS, MS Windows), Java support (yes or no), Flash version, screen resolution (for example, 1280x800), and similar data used to optimize the design, functionality, and compatibility of
  • The specific pages a computer accesses when it requests information from
  • The amount of data (measured in number of bytes) transmitted from to a requesting computer.
  • Contents of the persistent tracking cookie (see Cookie Use Notice below)

This information is used to create summary statistics that allow us to count the number of visitors to the different sections of our site, identify what information is of most and least interest, determine technical design specifications, monitor system performance, and help us make our site more useful.

If you identify yourself by sending an email containing personal information:
You may decide to send us personally identifying information, such as your mailing address, in an email message requesting information to be mailed to you. Information collected in this manner is used solely for responding to requests for information or records. We may forward your email to other NOVA employees who are better able to help you. NOVA will not sell, share, or provide such information to any other party except under extenuating circumstances such as a subpoena from law enforcement authorities.

If you follow a link to other sites outside QDS-Web™:
Our website includes links to other sites. When you follow links to these other sites, you are no longer on and are subject to the privacy policy of the other site.

Email Filtering Notice
NOVA uses an automated Unsolicited Commercial E-Mail (aka spam) filtering system on all messages entering the NOVA Research Company network. This filtering process enhances the security of NOVA systems and the professionalism of the workplace and enables NOVA staff to serve our customers better. On rare occasions, this filtering process may prevent us from receiving your email or may delay our response. If you do not receive a timely response to your message and suspect it may have been caught up in our filters, please contact us by telephone (301-986-1891) regarding your inquiry.

Cookie Use Notice
NOVA employs "cookies" to provide better service to our customers. We do not use cookies to collect any personally identifying information from users or to track user activities beyond our website. This means that when you visit a page on, the web browser on your computer may download and save a small file from so that our website can recognize your specific browser when you use in the future.

Cookies fall into two categories, based on the length of time they remain active:

  • Session cookies last only as long as a web browser is open. Once the browser is closed, the data files on your computer are deleted.
  • Persistent cookies last beyond a single session of browsing. These cookies allow a website to recognize a computer or user for a defined amount of time.

The QDS-Web™ site uses the following web measurement and customization technologies:

  • Session cookies are used for essential technical purposes, such as remembering the state of a survey in progress from one page to another, or facilitating navigation and optimal user experience while using the administration tools.
  • Third-party session cookies are used by our analytics provider (currently Google Analytics). The analytics provider does not receive personally identifying information through these cookies and does not combine, match, or cross-reference information with any other information. Site analytics are an important resource NOVA uses to evaluate the design of, and guide ongoing development decisions for the benefit of our customers.
  • Persistent cookies are used to recognize a computer that has previously visited The QDS-Web™ site sets persistent cookies to assess which pages are popular, how often visitors access the website, and other measures to optimize design and functioning of the site. These cookies do not collect personally identifying information.

How you can control website measurement and customization technologies:
Visitors can control aspects of website measurement and customization technologies used on Visitors who choose to disable cookies entirely will still have access to basic information on However, the tools for designing, administering, and responding to hosted surveys all require the use of session cookies, and will not function properly if such cookies are blocked, or deleted in the middle of a session.

You can choose not to accept cookies from any website, including, by changing the settings of your browser. You also can delete cookies stored in your browser at any time. Instructions for setting your browser security can be found at

The QDS-Web™ site is part of a private computer system and is monitored to ensure it remains available to all users and to protect the integrity of the information contained in the system. By accessing this website, you consent to these monitoring activities.

Unauthorized attempts to defeat or circumvent security features, to use the system for purposes other than those for which it was intended, to deny service, to alter, damage, or destroy information, or otherwise to interfere with the system or its operation is prohibited. Evidence of such acts may be disclosed to law enforcement authorities and result in criminal prosecution under the Computer Fraud and Abuse Act of 1986, the National Information Infrastructure Protection Act of 1996, and other applicable criminal laws.

Automated retrieval program (robot) activity
NOVA Research Company is committed to providing data promptly and according to reasonable user experience standards. Automated retrieval programs (commonly called "robots" or "bots") can cause delays and interfere with other customers' timely access to information. Therefore, excessive robot activity on NOVA websites is prohibited.

NOVA reserves the right to block robots that access the website in any way that NOVA considers excessive or malicious, including robots that attempt to access or download information multiple times per second with resulting degradation of service to others. NOVA also reserves the right to block robots that do not contain information that can be used to contact the owner. Blocking may occur in real time.

Security Statement

NOVA recognizes and respects that users entrust QDS-Web™ with their survey data, and we make it a priority to take our users' security and privacy concerns seriously. We strive to ensure that user data is stored securely, and that we collect only as much personal data as is required to provide our services to users in an efficient and effective manner.

This Security Statement is provided in an effort to be transparent about our security infrastructure and practices, and to help reassure you that your data is appropriately protected.

Application and User Security

  • SSL/TLS Encryption: All interactions between users and require secured, encrypted SSL/TLS connections. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protect communications by using both server authentication and data encryption. These protocols ensure that user data in transit across the Internet is legitimate and protected from interception by unintended recipients.
  • User Authentication: User information in our databases is partitioned by account-based access rules so that users can only access data for which they have explicit permission. User accounts have unique usernames and passwords that must be entered each time a user accesses secure sections of the QDS-Web™ application.
  • User Passwords: User application passwords have minimum complexity requirements.
  • Data Encryption: Certain sensitive user data, such as credit card details and account passwords, are stored internally in an encrypted format in all relevant databases.
  • Data Portability: QDS-Web™ enables you to copy your data to local storage via secure download into the QDS™ Warehouse Manager desktop application included with QDS-Web™. From the QDS™ Warehouse Manager, you can then export your data in a variety of interchange formats so that you can take personal responsibility for backup, or use it with other applications.

Physical Security

  • Data Centers: The information systems infrastructure (servers, networking equipment, etc.) that hosts is co-located at third-party SSAE 16 Audited data centers. NOVA owns and manages all of our server hardware and software operating environment.
  • Data Center Security: Our data centers are staffed and monitored 24/7. Access is secured by building guards, visitor logs, video surveillance, and restricted entry to equipment areas, e.g., via passcards and/or biometric authentication.
  • Environmental Controls: Our data center is maintained at controlled temperatures and humidity ranges which are continuously monitored and kept within an optimal operating range. Automated smoke and fire detection, response, and suppression systems are also in place.
  • Location: All QDS-Web™ servers are located in the United States.


  • Connectivity: Fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.
  • Power: Servers have redundant internal and external power supplies. Our data center premises also have building-wide emergency backup generators able to provide power for up to two days in the event of a prolonged grid outage.
  • Uptime: NOVA continuously monitors the responsiveness of all QDS-Web™ systems, with automated immediate notification to key support personnel in the event of any disruption or systems failure.

Network Security

  • Testing: System functionality and design changes are verified in an isolated test development environment and subject to functional and security testing prior to deployment to active production systems.
  • Firewall: An independent network firewall restricts access to all ports on except 80 (http) and 443 (https).
  • Updates: All systems are automatically maintained with current security and bug-fix updates to mitigate vulnerabilities. Updates are applied to all operating system and applications according to standard best practices.
  • Access Control: Secure remote access, authentication, and role-based permissions are enforced for systems management by authorized engineering staff.
  • Logging and Auditing: Central logging systems record and archive all significant internal systems events including failed authentication attempts.

Storage Security

  • Backup Frequency: QDS-Web™ servers are backed up daily to secure storage independent of primary operating hardware, and can be quickly restored to replacement servers in the event of serious primary system failure.
  • Production Redundancy: Operating systems and data are stored on a redundant mirrored RAID 1 hard disk array.

Organizational & Administrative Security

  • Employee Screening: NOVA performs background screening on all employees.
  • Training: NOVA provides security and technology use training for all employees.
  • Service Providers: NOVA contractually requires all service providers and third parties to follow appropriate confidentiality and security policies if such services require storage, access to, or handling user data in any way.
  • Access: NOVA defines and enforces permissions to access sensitive data in our databases, systems and environments according to a least-privilege necessary basis.
  • Audit Logging: NOVA maintains and regularly reviews audit logs on all QDS-Web™-related computer systems.
  • Information Security Policies: We maintain internal information security policies, including incident response plans, according to the Department of Health and Human Services Certification and Accreditation Process Overview requirements and National Institute of Standards and Technology (NIST) Special Publication 800-53: Recommended Security Controls for Federal Information Systems. These policies are regularly reviewed and updated.

Systems Software Architecture

  • Operating System: QDS-Web™ is built using Microsoft Windows Server 2008 R2, Microsoft SQL Server 2008 R2, and Oracle Glassfish Java EE Server.
  • Programming Practices: NOVA's software engineers use best practices and industry-standard secure programming guidelines to ensure robust and functional application development.

Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage can be perfectly secure. NOVA Research Company cannot 100% guarantee the absolute security of user interactions or data stored on However, if NOVA learns of a security breach, we will notify affected users as soon as possible so that they can take appropriate protective steps. Our breach notification procedures are consistent with our obligations under various local, state, and federal laws and regulations, as well as relevant industry rules and standards as described in this privacy and security statement. Notification procedures include contact via email, phone, and/or a clear and obvious notice on the site.

Your Responsibilities

Keeping your customer data safe is also dependent on you proactively ensuring that you maintain the integrity of your account by using sufficiently complex passwords and storing them in a secure manner. You should also ensure that you maintain sufficient security on your own systems, to keep any survey data you download to your own computer protected from unauthorized access.


If you have any questions about NOVA's privacy or security practices and technologies implemented in QDS-Web™, please email us at