Qualio Security Practices
Even before Qualio, we've been putting services on the internet for a long time. We're good at it. Our engineering team are experienced and keep their skills up to date as industry best practices evolve. We've coded, tested and administered services running on servers in data centers around the world and we bring the collective wisdom that comes with decades of secure practice to the operation of the Qualio service.
We understand that you rely on Qualio to work. We're committed to making Qualio a highly-available, ultra-reliable service that you can always count on. We build systems that tolerate the failure of servers, keep multiple copies of your data online for redundancy, practice disaster-recovery measures often, and always have staff on-call to quickly resolve unexpected incidents. To date, we've maintained 99.999% uptime and this will continue into the future.
Content uploaded to Qualio is encrypted in transit using 128-bit SSL encryption. Qualio uses 256-bit AES at rest, and is further protected by an encryption key-wrapping strategy that also utilises 256-bit AES encryption. We monitor the security community's output closely and work promptly to upgrade the service to respond to new vulnerabilities as they are discovered.
Secure Physical Location
Our servers are located in Amazon's AWS data centers. They've devoted an entire portion of their site to explaining their security measures, which you can find here:
The entire system is backed up every hour, and these encrypted backups are stored in a separate, secure location with a 60 day retention period. These system backups are encrypted prior to leaving application servers.
We regard the information you store in Qualio as private and confidential to your organisation. We place strict controls over our employees' access to internal data and are committed to ensuring that your data is never seen by anyone who should not see it.
While the operation of the Qualio service would not be possible unless there were some technical employees with sufficient system permissions to enable them to access and control software that stores and indexes the content you add to your Qualio account, this team is kept purposefully small and are prohibited from using these permissions to view customer data unless it is necessary to do so.
All of our employees and contractors are bound to our policies regarding customer data and we treat these issues as matters of the highest importance within our company.
Data export options
If you choose to stop using Qualio, we will make a copy of your customer content available to you. This content can be made available in PDF, JSON or XML based format. Additionally, a public API is in development which will allow on-demand, direct access to content.