Your data security is our top priority

At Questy, we believe that trust is the foundation of modern business. That is why our ready-to-use solutions (Questy CRM, Questy Service, and Questy Commerce) and our dedicated solution, Questy Business, are built upon the highest standards of information security protection.

1. Certified standards and legal compliance

The formal foundation that guarantees the stability and legality of your operations.

  • ISO/IEC 27001 certification: Our information security management processes comply with international standards. This serves as proof that your data is protected systematically, rather than just through ad-hoc measures. Learn more about our ISO/IEC 27001 certification
  • Full GDPR compliance: We design our software following the Privacy by Design principle. You can be certain that the processing of personal data within Questy systems is conducted in full accordance with current legal regulations.
  • Data residency in the European Union: We exclusively utilize data centers located within the EU. Your data remains subject to European protection standards and never leaves the secure legal jurisdiction of the Union.

2. Infrastructure and business continuity

Your company operates without interruption, and your data is always exactly where you need it.

  • Partnerships with industry leaders (OVHcloud): We collaborate with trusted infrastructure providers, ensuring the highest level of physical protection for our servers.
  • Automated backups: We perform regular backups of all data. In the event of human error or hardware failure, we are fully equipped to restore the system.
  • Stability monitoring: We conduct daily software stability tests and receive immediate notifications regarding any potential irregularities.
  • Traffic monitoring: Our monitoring systems detect unusual traffic patterns. Every atypical behavior is logged and analyzed, allowing us to react instantaneously to new types of network threats.
  • Collaboration with CERT: We actively monitor CERT (Computer Emergency Response Team) security bulletins and encourage our clients to report any suspicious activity or register their own resources for monitoring.

3. Application security and access control

Tools we put in your hands so you can be at ease.

  • Data Encryption (SSL/TLS): Every connection to the system is protected using bank-grade SSL/TLS protocols. While SSL is the industry-standard term, we utilize the most modern TLS (Transport Layer Security) 1.2/1.3 with AES-256 encryption. This ensures your passwords and commercial data remain fully encrypted and invisible to unauthorized parties.
  • Two-factor authentication (2FA): We offer an additional layer of protection for logins, which drastically reduces the risk of account takeovers by unauthorized individuals (implementation based on individual pricing).
  • Permissions management (RBAC): We utilize Role-Based Access Control (RBAC) to provide granular authority over your data environment. This framework is a cornerstone of GDPR compliance, as it enforces the principle of least privilege, ensuring that personal data is only accessible to personnel whose specific professional roles require it. As an administrator, you can define precise user roles to prevent unauthorized data exposure and maintain a strict, auditable chain of access.
  • Strong password policy and reporting: The system enforces the use of secure passwords and defines the frequency of required changes. Additionally, it monitors failed login attempts (including lockouts) and generates clear user activity reports.

4. Continuous development and resilience testing

Proactive protection: our security standards evolve alongside your business.

  • Regular updates: Every new version of the system provides not only new features but, most importantly, the latest security patches.
  • Security testing: We regularly test our solutions for vulnerabilities to ensure that no security gap goes unnoticed.
  • Tracking security trends: We constantly monitor global trends in cybersecurity and emerging attack vectors. This allows us to proactively update our systems by introducing modern defensive mechanisms.

5. Individual standards and dedicated solutions

Support for companies with specific or advanced security requirements.

  • Alignment with internal standards: We design and implement specific security measures required by your company’s internal IT policy. We can adapt the system architecture to meet your unique security guidelines and governance needs.

Have more questions about security?

Don't leave your data to chance. Consult with our security specialists today to learn how our multi-layered defense strategy can be tailored to meet your organization's unique compliance and growth goals.