
How is my data protected?

An overview of Qase.io security measures, privacy policy, compliance and certifications.

Updated over a year ago

We understand that your trust is of the utmost importance, and we are committed to ensuring that your information is safeguarded to the highest standards.

At Qase, we take the security and privacy of your data seriously.

This page provides an overview of our security measures, privacy policy, and other relevant information to help you understand how we protect your data.

Encryption


Your data is encrypted both when it's stored (at rest) and when it's being transmitted (in transit).

We use strong encryption to protect your data: TLS for user requests, AES-256 for data at rest, and secure remote access via SSH or VPN.

Compliance and Certifications


GDPR compliance: Adhering to strict data protection regulations, we have robust security measures, transparent data practices, and a clear commitment to safeguarding your personal information, ensuring your privacy and trust.

Qase is SOC 2 Type II compliant: You can request a copy of the report by sending a message to [email protected]

ISO/IEC 27001:2022 compliant: The full compliance report can be provided upon request; please send a message to [email protected]

Penetration Testing report: Qase undergoes an annual penetration testing audit conducted by a third-party agency.

Because the above reports disclose sensitive information, signing a mutual Non-Disclosure Agreement (mNDA) is required.

SOC 3 compliant: You can download the SOC 3 report directly from here.

Infrastructure


Our operations are hosted on AWS (Amazon Web Services), taking advantage of their state-of-the-art backup technologies to enhance our security measures.

We host data in the AWS US-EAST-2 zone.

Backups


We employ a multi-layered backup strategy to enhance data integrity:

Nightly Backups: We perform nightly backups to capture your data's latest state.

Point-in-Time Backups: We maintain point-in-time backups, enabling us to restore specific snapshots of your data.

Mandatory Pre-release Backups: Before every release, we create backups to safeguard against any unforeseen issues.

Regular Verification: Our backups undergo regular verification and checks to ensure their reliability.

Geographical Redundancy: Backups are stored in separate geographical locations to minimize risks.

Sub-processors


We employ sub-processors to offer essential infrastructure and services.

Before engaging with them, we assess their privacy, security, and confidentiality practices and then establish an agreement to uphold our obligations. You can read more here.

Data Privacy


Only the people you invite into your workspace have access to your data. Our employees do not have any access to your data, ensuring your privacy and security.

We use role-based security to control access to information. Employees get access to data based on approvals and on a need-to-know basis.

We review these access rights every quarter to ensure they are necessary.

Our Privacy Policy outlines the principles that govern the collection, use, and disclosure of your personal information. We are dedicated to respecting your privacy and maintaining transparency. You can read more here.
