Security as an Innovation, Not an Obstacle
Security is more than compliance.
By embedding cutting-edge security automation, AI-driven threat detection, and a zero-trust architecture, Qtrac empowers organizations to scale securely.
Learn more about our approach below.
Security is at the heart of what we do. As a trusted provider for Retail, Banking, Government, Education, and Healthcare, Qtrac delivers enterprise-grade security that empowers organizations to operate with confidence while protecting their customers and data. We go beyond compliance to deliver best-in-class security while continuously evolving to stay ahead of emerging threats.
Governance
Qtrac’s Security and Privacy teams establish and enforce policies and controls, monitor compliance, and demonstrate our security posture to third-party auditors. Our foundational principles include:
• Least Privilege: Access is granted only to those with a legitimate business need.
• Defense-in-Depth: Multiple, layered security controls are in place.
• Consistent Controls: Security measures are uniformly applied across the enterprise.
• Iterative Improvement: Security is not static—we continuously refine controls to strengthen resilience, maintain compliance, and minimize operational friction.
Compliance at Qtrac
Qtrac undergoes independent security audits and aligns with SOC 2, HIPAA, and GDPR standards, ensuring seamless compliance for organizations operating in regulated industries. We proactively assess and enhance our security framework to meet evolving global regulatory requirements. Compliance documentation is available upon request.
Enterprise-ready Data Protection
Data at Rest:
Qtrac uses best-in-class encryption to safeguard data at rest, with strict access controls and secure key management practices.
Data in Transit:
All data transmissions are secured using modern encryption protocols to ensure integrity and confidentiality.
Secret Management:
We implement strict key management policies to ensure the security of encryption keys and credentials.
Product Security & Threat Monitoring
Penetration Testing:
We conduct regular independent penetration testing to evaluate and strengthen our security posture. Summary reports are available upon request.
Vulnerability Scanning & Risk Management:
We integrate automated security testing across our software development lifecycle, ensuring that vulnerabilities are identified and remediated based on risk prioritization. Security risks are addressed following a structured, risk-based remediation process that aligns with industry best practices.
Enterprise Security
Endpoint Security:
All devices accessing or storing sensitive data have encryption enabled and are secured with antivirus, firewalls, EDR, and MDM solutions.
Vendor & Third-Party Security:
We follow a rigorous vendor management process to ensure security across the supply chain:
• Vendor Assessment: All partners undergo security evaluations to validate their compliance with industry standards.
• Continuous Risk Monitoring: We regularly assess vendor security posture, ensuring adherence to contractual security requirements.
Secure Remote Access:
Remote access is secured using multi-factor authentication, encryption, and strict session monitoring. All sessions are monitored and audited for compliance.
Security Education:
We provide ongoing security awareness training to employees to strengthen our human firewall.
Identity & Access Management
Qtrac enforces strict centralized identity management policies, requiring multi-factor authentication and regular access reviews.
without compromising protection.
Data Privacy & Compliance
Data privacy is a first-class priority. We continuously update our practices to meet regulatory standards.
• Privacy Policy & DPA: Available at https://qtrac.com/privacy-policy
• We work exclusively with trusted infrastructure partners that meet stringent security and privacy requirements.
while ensuring the highest level of data security.
Data Classification
• Sensitive Data: Includes PII, financial records, intellectual property, trade secrets, and other high-impact data.
• Internal Data: Information for internal use such as operational data and employee records.
• Public Data: Information meant for public release, including marketing materials and general product information.
Encryption Requirements
• At Rest: All sensitive data is encrypted using AES-256.
• In Transit: All communications use TLS 1.3.
• Endpoint & Database: Devices and databases implement encryption per regulatory and best-practice standards.
• Email: Sensitive email communications are encrypted as required.
Key and Certificate Management
• Encryption Keys: Encryption keys are managed using secure and controlled storage mechanisms.
• Certificate Management: Digital certificates (SSL/TLS, code signing, etc.) are issued only after formal requests, renewed before expiration, and revoked if compromised. Private keys are stored securely with restricted access.
Compliance, Monitoring, and Incident Response
Qtrac maintains continuous security monitoring, with real-time threat detection to prevent unauthorized access and mitigate risk. We utilize advanced security analytics to detect, investigate, and respond to threats in real time. Qtrac follows a structured incident response framework, ensuring rapid threat containment, root cause analysis, and remediation.