oqui
Security
How we protect your sensitive financial data
Data Isolation
Row-level security (RLS) enforced at the database level ensures complete isolation between accounts.
Your financial documents and assessment data are only accessible to your team members.
Even our staff cannot access your data except for technical support when you explicitly request it.
Encryption
Transport encryption with TLS 1.3 for all data in transit.
Database and file storage encryption at rest using cloud-provider managed keys.
Strict HSTS and secure cookies for authenticated sessions.
Document Handling
Bank statements, payslips, and other financial documents are stored in encrypted object storage with access controls.
Documents are processed through secure, isolated pipelines with no persistent caching.
You can delete individual assessments and their associated documents at any time through the dashboard.
AI Processing
Your data is never used to train AI models without explicit consent.
AI providers are bound by data processing agreements that prohibit retention of your data beyond the immediate processing request.
Document content is transmitted securely and processed in memory only.
Access Control
Role-based access controls at the application level with audit trails for sensitive operations.
Team owners control member access and can revoke permissions at any time.
API keys are scoped to specific accounts and can be rotated or revoked instantly.
Infrastructure
Hosted on enterprise-grade cloud infrastructure with SOC 2 compliance.
Network segmentation between public edge, application layer, and data plane.
Secrets managed via secure vaults; no credentials in code or images.
Payment Security
All payment processing handled by Stripe, a PCI DSS Level 1 certified provider.
We never store credit card numbers or payment credentials on our servers.
Credit purchases are processed securely without data exposure.
Monitoring & Incident Response
Centralized logging with access controls and PII redaction where appropriate.
Runtime monitoring, error tracking, and alerting for availability and security events.
Documented incident response procedures with defined escalation paths.
Compliance
Designed with POPIA (South Africa) and Australian Privacy Act requirements in mind.
Data deletion requests honored promptly in accordance with privacy regulations.
Regular security reviews and updates to maintain compliance with evolving standards.
Responsible Disclosure
Security vulnerability reports are welcome at security@oqui.io.
We respond promptly to coordinated disclosure reports and appreciate responsible researchers.