QXX.fi
Security

Security is foundational, not a feature.

How we protect data, where we are on compliance, and how to report a vulnerability. We treat the security of institutional data as the baseline for everything we build.

Posture

How we protect data.

The controls behind the platform — designed so a security review is a formality, not a blocker.

Encryption everywhere

Data is encrypted in transit (TLS 1.2+) and at rest with industry-standard ciphers.

Least privilege

Fine-grained, role-based access with short-lived credentials and no shared secrets.

Isolation & tenancy

Strong tenant isolation, with VPC-peered and on-prem options to keep data in your perimeter.

Monitoring & audit

Comprehensive logging and immutable audit trails for access, queries and exports.

Secure SDLC

Code review, dependency scanning and automated checks gate every release.

Vendor diligence

Sub-processors are vetted and held to equivalent security and privacy standards.

Compliance

Where we are on the roadmap.

An honest snapshot for a pre-launch platform. Ask us for our latest security package and reports.

SOC 2 Type IIIn progress
ISO 27001Planned
GDPRReady
Penetration testingAnnual
SSO / SAMLAvailable
Data residency (VPC / on-prem)Available
Data handling

How your data is treated.

  • Encryption — TLS 1.2+ in transit and strong encryption at rest across all storage.
  • Residency — deploy in your region, your VPC, or fully on-prem to meet data-residency requirements.
  • Access — least-privilege, role-based permissions with SSO/SAML and per-dataset entitlements.
  • Retention — configurable retention with deletion on request, subject to legal obligations.
  • Auditability — every access, query and export is logged to an immutable audit trail.
Responsible disclosure

Found something? Tell us.

We welcome reports from security researchers. If you believe you’ve found a vulnerability, email security@qxx.fi with details and steps to reproduce.

Please give us reasonable time to investigate and remediate before public disclosure. We commit to acknowledging reports promptly and will not pursue action against good-faith research that respects user privacy and avoids service disruption.

Get started

Need our security package?

Request our latest documentation, reports and questionnaire responses, or book time with our team.

Usage-based pricing · Free tier · SOC 2–aligned