Your Data Security is Our Top Priority
QA Find is built with enterprise-grade security from the ground up. We protect your data with industry-leading practices and compliance certifications.
SOC 2 Type II
Certified for security, availability, and confidentiality
GDPR Compliant
Full compliance with EU data protection regulations
ISO 27001
Information security management system certified
HIPAA Ready
Available for healthcare customers with BAA
Built with Security in Mind
Every aspect of QA Find is designed with security as a core principle, not an afterthought.
Encryption at Rest
All data is encrypted at rest using AES-256, the industry standard for data protection.
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3.
Secure Infrastructure
Hosted on AWS with enterprise-grade security controls, redundancy, and a 99.99% uptime SLA.
Access Controls
Role-based access control (RBAC) with granular permissions and SSO integration.
Audit Logging
Comprehensive audit logs for all actions with immutable storage and retention policies.
Threat Detection
24/7 monitoring with automated threat detection and incident response procedures.
Data Backup
Automated daily backups with point-in-time recovery and geographic redundancy.
Disaster Recovery
Comprehensive disaster recovery plan with RTO < 4 hours and RPO < 1 hour.
How We Protect Your Data
Our comprehensive security program covers every aspect of our operations.
- Security-first development lifecycle (SDLC)
- Regular code reviews and static analysis
- Dependency scanning and updates
- Secure coding guidelines and training
- Virtual private cloud (VPC) isolation
- Network segmentation and firewalls
- Intrusion detection and prevention
- Regular vulnerability scanning
- Multi-factor authentication (MFA)
- Single sign-on (SSO) support
- Principle of least privilege
- Regular access reviews and audits
- 24/7 security operations center
- Documented incident response plan
- Regular tabletop exercises
- Customer notification procedures
Transparency You Can Trust
We believe in transparency when it comes to security. Our Trust Center provides real-time visibility into our security posture, compliance status, and operational metrics.
- Real-time system status and uptime
- Compliance certificates and reports
- Penetration test summaries
- Subprocessor list and DPA
Trust Center
Powered by Vanta
Frequently Asked Questions
Where is my data stored?
Your data is stored in AWS data centers in the United States (us-east-1 and us-west-2). Enterprise customers can request data residency in the EU (eu-west-1) or other regions.
Who has access to my data?
Access to customer data is strictly limited to authorized personnel who require it for support or operational purposes. All access is logged and audited.
How long do you retain my data?
We retain your data for as long as your account is active. Upon account deletion, we purge your data within 30 days, except where required by law.
Do you share my data with third parties?
We never sell your data. We only share data with service providers necessary to operate our platform, all bound by strict data processing agreements.
Can I export my data?
Yes, you can export all your data at any time through your account settings or by contacting support. We provide data in standard formats.
How do you handle security incidents?
We have a documented incident response plan. In case of a security incident affecting your data, we will notify you within 72 hours as required by GDPR.
Found a Security Vulnerability?
We take security seriously and appreciate responsible disclosure. If you've found a vulnerability, please report it through our bug bounty program. We offer rewards up to $10,000 for critical findings.
