QUESTEK SECURITY
Security is a top priority for our team at QuesTek. Our clients deserve high-level security and data protection. The information below outlines our security measures and compliance standards.
Security Practices
Data Encryption Policy: Data security is prioritized through advanced cryptographic controls. We use robust encryption methods, like AES-256, to safeguard your information. You can easily access details about the tools we use, options for implementing your own cryptographic solutions, and information about where your data is stored and transferred. Our encryption practices comply with all relevant laws and international standards. Additionally, we adhere to strict password and PIN requirements to further protect your information. If there’s ever any loss or unauthorized disclosure of encryption keys, we ensure immediate reporting to maintain transparency and security.
Security Audits: 2023 ISO Audit and SOC 3 Audit for period of Nov. 27, 2023-Feb. 26, 2024
Authentication & Access Control: QuesTek requires multi-factor authentication (MFA) for all access, and all access activities are closely monitored and logged. This enhances security by ensuring that only authorized individuals can access sensitive information, while logging and monitoring provide visibility into access patterns, enabling quick detection of any unauthorized or suspicious activities.
Data Privacy
Data Ownership
- If a customer account is involuntarily suspended, then there is a 30 days grace period during which the account will be inaccessible but can be reopened if the customer meets their payment obligations and resolves any terms of service violations.
- If a customer account is involuntarily suspended, then there is a 30 days grace period during which the account will be inaccessible but can be reopened if the customer meets their payment obligations and resolves any terms of service violations.
Privacy Policy
Data Retention
Customer data is retained for as long as the account is in active status. Data enters an “expired” state when the account is voluntarily closed. Expired account data will be retained for thirty (30) days. After this period, the account and related data will be removed. Customers that wish to voluntarily close their account should download their data manually or via the API (if implemented in the future) prior to closing their account.
- If a customer wishes to manually backup their data in a suspended account, then they must ensure that their account is brought back to good standing so that the user interface will be available for their use. After 30 days, the suspended account will be closed and the data will enter the “expired” state. It will be permanently removed thirty (30) days thereafter (except when required by law to retain).