Qualio Security Practices

Each organisation using Qualio expects their data to be secure, confidential, and private. We understand how important this is to our customers and work to the best of our abilities to ensure all three expectations are met. Please review the information below regarding our current policies and practices, along with our Privacy Policy and Terms of Service. This is a living document and we will update it as our service evolves and industry practices change.

Experienced Team

Even before Qualio, we've been putting services on the internet for a long time. We're good at it. Our engineering team are experienced and keep their skills up to date as industry best practices evolve. We've coded, tested and administered services running on servers in data centers around the world and we bring the collective wisdom that comes with decades of secure practice to the operation of the Qualio service.

Availability

We understand that you rely on Qualio to work. We're committed to making Qualio a highly-available, ultra-reliable service that you can always count on. We build systems that tolerate the failure of servers, keep multiple copies of your data online for redundancy, practice disaster-recovery measures often, and always have staff on-call to quickly resolve unexpected incidents. To date, we've maintained 99.999% uptime and this will continue into the future.

Data Encryption

Content uploaded to Qualio is encrypted in transit using 128-bit SSL encryption. Qualio uses 256-bit AES at rest, and is further protected by an encryption key-wrapping strategy that also utilises 256-bit AES encryption. We monitor the security community's output closely and work promptly to upgrade the service to respond to new vulnerabilities as they are discovered.

Secure Physical Location

Our servers are located in Amazon's AWS data centers. They've devoted an entire portion of their site to explaining their security measures, which you can find here:

https://aws.amazon.com/compliance/

Data redundancy

The entire system is backed up every hour, and these encrypted backups are stored in a separate, secure location with a 60 day retention period. These system backups are encrypted prior to leaving application servers.

Confidentiality

We regard the information you store in Qualio as private and confidential to your organisation. We place strict controls over our employees' access to internal data and are committed to ensuring that your data is never seen by anyone who should not see it.

While the operation of the Qualio service would not be possible unless there were some technical employees with sufficient system permissions to enable them to access and control software that stores and indexes the content you add to your Qualio account, this team is kept purposefully small and are prohibited from using these permissions to view customer data unless it is necessary to do so.

All of our employees and contractors are bound to our policies regarding customer data and we treat these issues as matters of the highest importance within our company.

There are limited circumstances when we ever share customer content without first obtaining permission. These are outlined in our Privacy Policy.

Data export options

If you choose to stop using Qualio, we will make a copy of your customer content available to you. This content can be made available in PDF, JSON or XML based format. Additionally, a public API is in development which will allow on-demand, direct access to content.

Did this answer your question?