Effective: 28th of January, 2019
Security is one of the biggest considerations in everything we do. If you have any questions after reading this, or encounter any issues, please let us know.
Qualitista forces HTTPS for all services using TLS 1.2+ (SSL), including our public website and our app, to keep your data safely encrypted in transit. Your data is also encrypted at rest with LUKS.
- We harden our servers with additional security measures, like making sure restrictive firewalls are configured and login is only allowed in a secure manner
- Access to our servers is tightly controlled and we keep audit logs of all issued commands
- We regularly patch and update the software we run & we do periodic scans to find out-of-date software
We use HSTS to ensure browsers interact with Qualitista only over HTTPS. We use various other HTTP security headers to keep our network traffic as restricted as possible.
Qualitista employs and develops security-aware people. We demand MFA from our employees for all external services where possible, use a password manager for both personal passwords and secret management.
Account and data security
In addition to the work we do at the infrastructure level, we provide Account Administrators with additional tools to limit their users' access to Customer Data via role management. You can also configure Qualitista to never store sensitive Customer Data - we provide the option to mask out any contact details (e-mail, phone number), the client's name and their bank credentials. That way nothing sensitive will rest on our side.
Deletion of Customer Data
Qualitista provides the option for an account owner to delete Customer Data at any time via removing the Support Desk integration. Qualitista then hard deletes all information from currently-running production systems (excluding account, team and ticket internal IDs, embedded in URLs in web server access logs). Qualitista services backups are destroyed within 14 days.*
We send you emails only from qualitista.com addresses and we have set up DMARC reject mode to make it hard for criminals to send phishing emails from our domain.
If you have additional questions regarding security, we are happy to answer them. Please write to firstname.lastname@example.org and we will respond as quickly as we can.