Security

Last updated 20 November 2024

1. Overview

At Quallie.Ai LTD, our commitment to security is foundational to our operations and services. The primary goal of our security policy is to safeguard the confidentiality, integrity, and availability of data. We strive to ensure that authorized users can access necessary information promptly and securely, reinforcing our mission to provide reliable and secure A.I.-enabled software solutions.

Understanding the critical importance of security, we place it at the forefront of our priorities. Our approach is proactive and preventative, ensuring that all data handled by Quallie.Ai LTD remains secure, private, and available as needed by our users. To maintain the highest standards of security, our infrastructure relies exclusively on certified entities, namely Google Cloud, Amazon Web Services, Bubble.io and OpenAI. We adhere to stringent security protocols, including:

  • Data encryption

    All data is encrypted both at rest and in transit, using advanced encryption methodologies to protect against unauthorized access and breaches.

  • Access control

    Access to customer data is rigorously controlled. Employees at Quallie.Ai LTD are permitted to access customer data strictly with customer permission, ensuring a transparent and consensual data management process.

  • Data replication

    We employ strategies for data replication to ensure data availability and integrity. This approach ensures uninterrupted access to data, even in the event of hardware failures or other disruptions. Data is stored and replicated in a manner that allows us to retrieve and restore it at any time within a 14-day window.

  • Ethical data use

    Quallie.Ai LTD does not use customer data to train artificial intelligence models or for any other purposes not previously agreed with the client, upholding our commitment to data privacy and ethical use. Our incident response plan ensures that in case of security breaches or data loss, all relevant parties are notified, and access to data is restored swiftly and effectively.

2. Data encryption

At Quallie.Ai LTD, ensuring the security of data, whether at rest or in transit, is paramount. We employ robust encryption methodologies to protect your information from unauthorized access and breaches.

  • Data at rest

    To safeguard data stored on our systems, we utilize industry-standard encryption methods, namely AES-256 encryption, one of the most secure encryption standards available today. This ensures that your data remains protected against external threats and vulnerabilities.

  • Data in transit

    We are committed to protecting data as it moves between our servers and users' browsers. All data in transit is securely encrypted using HTTPS, incorporating TLS (Transport Layer Security) protocols. This not only secures data as it travels across the internet but also helps in maintaining the privacy and integrity of the information being transmitted.

  • Data encryption key management

    Our encryption keys are managed using security practices provided by our cloud service providers (i.e. Google Cloud, Bubble.io, Amazon Web Services). This approach ensures that key management is both secure and compliant with the latest industry standards, without requiring us to directly handle or maintain the encryption keys. Regular updates and rotations of encryption keys are conducted by our providers, aligning with best practices for security and data protection.

3. Access control

Quallie.Ai LTD implements stringent access control measures to ensure that data access is secure, appropriate, and compliant with our privacy standards.

  • User authentication

    We employ two-step authentication to verify the identities of users accessing our internal systems. This enhanced security measure requires not only a password but also a second factor, significantly reducing the risk of unauthorized access.

  • Authorization and data access

    Access to customer data within Quallie.Ai LTD is tightly controlled and managed at the highest level. The Chief Technology Officer (CTO) directly oversees the access permissions, granting access to employees only when strictly necessary and approved by the customer. This ensures that access is always justified, documented, and aligned with customer expectations and legal requirements.

  • Role-based access control (RBAC)

    Our platform utilizes role-based access control (RBAC) to manage permissions efficiently. This framework allows different levels of access depending on the user's role within the organization, ensuring that individuals can only access information essential to their job functions.

  • Review and revocation of access

    Permissions are granted on a case-by-case basis and are promptly revoked when no longer necessary. This process is crucial to maintaining the security and integrity of customer data.

4. Network security

At Quallie.Ai LTD, we prioritize the security of our network infrastructure as a critical aspect of our overall security strategy. We implement robust measures to protect against unauthorized access and cyber threats, ensuring a secure environment for our users and their data.

  • Encryption and traffic management

    All network traffic to and from Quallie.Ai LTD is encrypted using HTTPS, ensuring that data transmitted over the internet is secure and protected from interception. This is a fundamental security measure that helps safeguard user data integrity and confidentiality.

  • Cloudflare integration

    We utilize Cloudflare for our domain management, which enhances global accessibility and provides additional layers of security. Cloudflare's services include advanced DDoS protection, effectively shielding our infrastructure from distributed denial-of-service attacks that could potentially disrupt service availability.

  • Server security

    Our servers are rigorously maintained with the latest security patches and updates. This proactive approach ensures that vulnerabilities are addressed promptly, minimizing the risk of malicious attacks, and securing our infrastructure.

  • Monitoring and response

    We rely on the established security practices of Bubble.io, our platform provider, which include continuous monitoring of our network for any suspicious activity. Bubble.io's security framework is designed to detect and respond to threats in real time, utilizing advanced security technologies and methodologies to maintain a secure operational environment.

5. Application security

Quallie.Ai LTD is committed to maintaining the highest level of application security by implementing stringent coding practices and security measures throughout our development and operational processes.

  • Strong password policies

    We enforce strong password requirements to enhance user account security. This includes the use of complex passwords that must meet specific criteria to prevent easy guessing or brute-force attacks.

  • Data segregation

    Using Bubble.io's privacy rules, we ensure that data is appropriately segregated within our applications. Bubble.io privacy rules allow us to define conditions under which data can be accessed or modified, ensuring that users can only interact with data relevant to their permissions. This not only enhances security but also ensures compliance with data protection regulations.

  • Code standards

    Our development practices prohibit the storage of sensitive data directly within pages or workflows. By keeping sensitive data out of client-facing layers, we minimise the risk of accidental exposure or security breaches. User actions are also protected by privacy rules, making sure that actions can only be performed by authorised users.

6. Incident response plan

Quallie.Ai LTD has a robust incident response plan in place to address security breaches swiftly and effectively. Our approach ensures that we can manage incidents with the utmost seriousness and minimal impact to our customers.

  • Initial response and notification

    Upon detection of a security breach, our immediate priority is to assess the scope and impact of the incident. We take decisive actions to contain the breach and prevent further unauthorized access. Affected customers are notified as soon as the breach is confirmed and we have a clear understanding of the impact. Communication is transparent, providing details on the nature of the breach, the data involved, and the steps being taken to address the issue.

  • Responsibility and oversight

    The Chief Technology Officer (CTO) is directly responsible for managing the incident response.

  • Notification to regulatory authorities

    In compliance with data protection regulations and industry standards, we notify relevant regulatory authorities within the timelines mandated by law. This ensures that all legal and ethical obligations are met in the handling of the incident.

  • Remediation and review

    Following immediate remediation actions, a thorough investigation is conducted to identify the root cause of the breach. This involves a comprehensive review of our security policies and practices to prevent similar incidents in the future. Enhancements to security measures are implemented based on the findings, and all changes are documented and communicated to relevant stakeholders.

7. Contact us

We continuously evaluate and update our security practices in response to evolving threats and technological advancements. Our commitment to security is integral to our mission, and we remain dedicated to providing a safe and secure service for all our users.

For any further information on specific queries, please contact our security team at security@quallie.ai