QualiPeakSecurity
Enterprise-grade protection for your data. We are built for teams that need control, compliance, and clarity.
Your data stays yours
We do not sell, rent, or share your form data or submission content with third parties for their marketing or advertising. You own the data you collect; we process it only to provide and improve the QualiPeak platform as described in our Privacy Policy and your agreement.
Encryption and infrastructure
- In transit: TLS 1.2+ for all connections to the QualiPeak application and API.
- At rest: Data stored in our production environment is encrypted using industry-standard encryption.
- Hosting: Services run on trusted cloud providers with strong physical and logical security controls.
Access control and identity
- No public signup: Only users invited by an administrator can access your organization’s workspace. This reduces risk and simplifies procurement and security reviews.
- Roles and permissions: Admin and user roles with configurable access to forms, submissions, dashboards, and exports.
- Two-factor authentication (2FA): Available for all plans to protect accounts from credential compromise.
- SSO (Enterprise): SAML 2.0 and OpenID Connect for integration with your identity provider (IdP) and consistent access policies.
Compliance and governance
We design our practices to support common enterprise and regulatory requirements:
- GDPR: Data processing as processor, support for data subject rights, retention and deletion controls, and appropriate safeguards for international transfers.
- CCPA: We do not sell personal information; we support disclosure and deletion requests as described in our privacy materials.
- SOC 2: We pursue SOC 2 Type II (or equivalent) assessments for our platform; reports are available under NDA for Enterprise customers.
Data retention and deletion
You can configure retention for form and submission data. We support export and deletion in line with your settings and applicable law. When you request account or data deletion, we delete or anonymize in accordance with our data processing terms.
Monitoring and incident response
We monitor our systems for availability, performance, and security events. We have procedures to assess and respond to incidents and to notify affected customers where required by law or contract.
Security questions and audits
For security questionnaires, compliance documentation, or audit support (e.g. SOC 2, DPAs), contact security@qualipeak.com or your account manager. Enterprise customers can request our standard security overview and, where applicable, SOC 2 reports under NDA.