qderoTrust
Security & Compliance
Qdero handles the financial lifeblood of your business. We treat that responsibility with the same rigour as the world's leading banks — and we publish how we do it.
AES-256 encryption
All Customer Data is encrypted at rest with AES-256 and in transit with TLS 1.3. Keys are managed by HSM-backed key management services.
SOC 2 Type II
Independent SOC 2 Type II audit is in progress. Our control library covers security, availability, confidentiality, and privacy.
GDPR · POPIA · CCPA · LGPD
We support the full set of data-subject rights and execute Standard Contractual Clauses for cross-border transfers.
Resilient infrastructure
Multi-region replication, daily encrypted backups, 99.95% uptime SLA on paid plans, and a public status page.
Access controls
Role-based access, SSO (Google, Microsoft, Okta), SCIM provisioning, mandatory 2FA for admins, and signed audit logs.
Continuous assurance
Continuous vulnerability scanning, third-party penetration testing twice a year, and a public coordinated disclosure programme.
Report a vulnerability
We welcome responsible disclosure. Email security@qdero.com with steps to reproduce. We respond within 72 hours and credit researchers in our hall of fame.
Need our security pack?
Customers on the Scale plan and above can request our SOC 2 readiness report, penetration test summary, sub-processor list, and DPIA template. Email trust@qdero.com.