Security

Security is foundational to Quantilence. We process sensitive identity documents and we take that responsibility seriously.

Certifications

SOC 2 Type II

Annual audit covering security, availability, and confidentiality.

GDPR Ready

Data processing agreements, EU data residency, and DPO contact available.

ISO 27001

Information security management system certification.

OWASP Top 10

Annual penetration testing against OWASP Top 10 vulnerabilities.

Security practices

Encryption in transit and at rest

All data encrypted with TLS 1.3 in transit and AES-256 at rest.

Zero data retention

Documents submitted to APIs are not stored beyond the request lifecycle.

Infrastructure isolation

Customer data is logically isolated. Enterprise plans support dedicated infrastructure.

Access controls

Role-based access, MFA enforcement, and audit logs for all administrative actions.

Responsible disclosure

If you discover a security vulnerability, please report it to security@quantilence.com. We respond to all reports within 24 hours and aim to resolve critical issues within 72 hours. We follow coordinated disclosure practices and do not pursue legal action against researchers who follow these guidelines.