Security & Trust Center
QRZone runs on certified infrastructure covered by 17 certifications, attestations and compliance frameworks across US, EU and international regulatory regimes. Start your security review below.
Compliance Certifications
QRZone's infrastructure is independently audited and certified against leading security and privacy standards through our certified platform partner. Note the distinction between the items below: some are formal certifications or attestations (SOC 2, ISO/IEC 27001, PCI DSS, TISAX, the Data Privacy Frameworks), while laws such as HIPAA, GDPR and CCPA are compliance obligations with no certificate. Reviewers should ask our security team for the scope statement of each certificate to confirm which are held by QRZone directly and which are inherited from the platform partner.
United States
SOC 2
Certified: Type II audit covering the Security, Availability and Confidentiality Trust Services Criteria. Continuous control monitoring and annual re-assessment; the report is available under NDA.
HIPAA
Compliant: Health Insurance Portability and Accountability Act controls for Protected Health Information (PHI). A Business Associate Agreement (BAA) is available for Enterprise customers; PHI should only be processed on the platform once a BAA is in place.
HITECH
Compliant: Health Information Technology for Economic and Clinical Health Act, which strengthened HIPAA enforcement and introduced the breach notification rule.
PCI DSS
Attested: Payment Card Industry Data Security Standard. Self-Assessment Questionnaire D (SAQ D) Attestation of Compliance for Service Providers. An SAQ-based AoC is self-assessed rather than a QSA-issued Report on Compliance (RoC); reviewers whose policy requires a RoC should confirm scope with our security team.
CCPA
Compliant: California Consumer Privacy Act. Personal information disclosures, consumer rights to know, delete and correct, opt-out mechanisms, and service provider obligations.
CPRA
Compliant: California Privacy Rights Act (the 2020 amendment to the CCPA). Sensitive personal information controls, expanded consumer rights, and honoring of Global Privacy Control (GPC) opt-out signals.
European Union
ISO/IEC 27001
Certified: the international standard for Information Security Management Systems (ISMS), covering risk management and the Annex A security controls. Although listed with the EU frameworks, ISO/IEC 27001 is a global standard; reviewers should request the certificate together with its Statement of Applicability to confirm scope.
GDPR
Compliant: EU General Data Protection Regulation. Processing on a documented lawful basis, data subject rights handling, Data Protection Impact Assessments (DPIAs), Standard Contractual Clauses (SCCs) for transfers, and notification of personal data breaches to the supervisory authority within 72 hours of awareness.
NIS 2
Compliant: EU Network and Information Security Directive 2 (NIS 2). Cybersecurity risk-management measures, incident reporting, and supply chain security obligations as transposed into member-state law.
DORA
Compliant: Digital Operational Resilience Act. ICT risk management framework for the EU financial sector, covering resilience testing, incident management, and the obligations that apply to ICT third-party service providers of financial entities.
DSA
Compliant: EU Digital Services Act. Transparency obligations, content moderation, and user protection for digital services operating in the European Union.
TISAX
Assessed: Trusted Information Security Assessment Exchange, the VDA ISA-based information security assessment standard for the automotive industry. Assessed at Assessment Level 2 (AL2).
International & Data Transfer Frameworks
EU-US DPF
Certified: participant in the EU-US Data Privacy Framework, the successor to Privacy Shield, for lawful transatlantic personal data transfers. The listing can be checked on the public Data Privacy Framework List maintained by the US Department of Commerce.
Swiss-US DPF
Certified: participant in the Swiss-US Data Privacy Framework for lawful personal data transfers between Switzerland and the United States.
UK DPF
Certified: participant in the UK Extension to the EU-US Data Privacy Framework (the UK-US data bridge) for lawful personal data transfers from the United Kingdom to the United States.
PIPEDA
Compliant: Canada's Personal Information Protection and Electronic Documents Act. Privacy obligations for personal information collected in the course of commercial activities across Canadian provinces.
nFADP
Compliant: Swiss Federal Act on Data Protection (revised FADP, in force since September 2023). Enhanced individual rights and cross-border transfer rules.
Security Architecture
Every component of QRZone is built with defense-in-depth principles.
Encryption at Rest & In Transit
All scan data, user data and campaign configurations are encrypted with AES-256 at rest and protected by TLS 1.3 in transit; no pathway carries customer data in plaintext. Reviewers can verify the in-transit claim by inspecting the negotiated protocol version and cipher suite on our public endpoints, and can request key management details (key storage, rotation and separation of duties) under NDA.
Access Control & Authentication
Role-based access control (RBAC) with granular permissions, enforced MFA, SSO integration (SAML 2.0 / OIDC), and session management with configurable timeouts.
Audit Logging & Monitoring
Comprehensive audit trails for all administrative actions, API calls and data access events, with real-time anomaly detection and alerting on those trails.
Infrastructure Redundancy
Multi-region deployment with automatic failover, load balancing, and disaster recovery. 99.9% uptime SLA with CDN-accelerated delivery.
Incident Response
Documented procedures with defined severity levels, escalation paths, a 72-hour notification timeline for confirmed incidents affecting customer data, and post-incident reviews. Reviewers should confirm in their DPA who is notified and when the 72-hour clock starts (detection versus confirmation), since GDPR Article 33 measures the supervisory-authority deadline from the controller becoming aware.
Vulnerability Management
Regular penetration testing, dependency scanning, code review, and a responsible disclosure program. Security patches are applied within severity-based SLA windows; the windows themselves and a summary of the most recent penetration test are part of the documentation available under NDA.
Security Program
A comprehensive security program spanning data, application, infrastructure, corporate, and risk management domains.
Data Security
- Access monitoring
- Data backups with encryption
- Data erasure procedures
- Data classification
Product Security
- Audit logging
- Data security controls
- Third-party integrations review
- Security testing
Application Security
- Penetration testing
- Responsible disclosure program
- Bot detection
- DDoS mitigation
Access Control
- Least privilege enforcement
- Internal SSO
- Data access governance
- Session management
Infrastructure
- Status monitoring
- Anti-DDoS protection
- Virtual private cloud
- CDN edge security
Network Security
- Firewall rules
- Spoofing protection
- VPC isolation
- Intrusion detection
Corporate Security
- Asset management
- Email protection
- Employee training
- Background checks
Risk Management
- Risk assessments
- Supply chain review
- Third-party dependency audit
- BCP/DRP planning
Security Documents
Detailed security documentation is available under NDA for enterprise customers and prospects conducting vendor security assessments.
Confidentiality Notice
Private documents contain sensitive security information and are available only under a mutual Non-Disclosure Agreement (NDA). To request access, contact our security team at security@qrzone.io or use the request form. Access is granted on a need-to-know basis for enterprise vendor assessments, procurement reviews, and regulatory audits.
Need a Security Review?
Our security team is available to discuss your requirements, provide documentation under NDA, and support your vendor assessment process.