An Account Manager can delegate roles to other users on levels Account and lower
A Channel Manager can delegate roles to other users on level Channel and lower
User roles can be removed during the operation. The user is automatically logged out of all sessions when a role is removed.
A user can only access data according to the role level
Users can be logged out of all active sessions by a manager
Data backup and recovery
uQualio data and applications are backed up on a daily basis
Database backups are regularly restored to verify that we can continue operation with as little potential interruption and data loss as possible
Development processes
All code is managed on a code repository (git), daily backups are made of the repository
All tools for development, build, and deployment are regularly updated according to the vendors' recommendations
User access is limited to the lowest possible level for each individual
Developers must change the password on a regular basis
Information security
Internal data access policy is enforced
Developers do not have access to data in User Acceptance Test (UAT) or Production
Developers do not have access to deployment application and database servers in Development, UAT, or Production
Support staff neither have access to application servers at all nor to database servers in UAT and Production
We perform information security audits with external specialists with focus on the OWASP top 10 and related security risks.
Infrastructure
uQualio uses Amazon Web Services (AWS) for infrastructure and hardware services
Application servers are updated with security patches and other maintenance updates on a regular basis according to the vendors instructions
Database servers are updated with security patches and other maintenance updates on a regular basis according to the vendors instructions
Data access to AWS hosted services is limited to a few persons in the company
The development environment is based on Microsoft Azure
Data is encrypted between server and client (HTTPS)
Uploaded documents are encrypted and can only be accessed via uQualio
Payment security
uQualio does not store information that can process a payment on your credit card. All information is handled by our credit card processing partner Stripe.
Stripe is a certified PCI Service Provider Level 1 and follows all international rules and regulations to keep your credit card information safe.
For eCommerce enabled accounts we set up a Stripe Connected account so we can charge on behalf of our customer. We do not have access to the Strpe Connected Account.
Privacy and Consents
Your data is safe with uQualio
uQualio follows EU regulations on GDPR
You can revoke electronic marketing permissions you have granted to an account owner on our platform
We do not use your data for other purposes than helping you get a better user experience
We do not sell your data to anyone
We have not implemented login using e.g. your Apple ID, Facebook or Google accounts as we think their data use lacks transparency and fairness
User account access
Users must sign in with a password of minimum 6 characters
Unique username (id, email, or phone number) is required
Changes to email or phone numbers are registered as user notifications
Changes to passwords are registered as user activities
User access can be blocked by uQualio
Users can change the password from within the application
An account is locked for a period after three unsuccessful login attempts
