Data security
Backups/Disaster Recovery
• We back up all our databases once a day and keep those backups for 60 days. We also take a backup of each database every 30 minutes, kept for 48 hours, to limit data loss in case of disaster.
• All import files are also backed up with a backup once a day. We back up all your import files with a history of 10 years.
• Backups are stored across two datacenters from different countries and providers to prevent any failure from a provider (OVH and Google in Europe).
• The locations of our servers and the contact information of our service providers are available in our Terms and Conditions.
• In case of hardware failure from one of our providers, our servers can be migrated in a few minutes to an operational machine.
Database security
• The application is designed to route every request through a security table, so that no error or missing authorization can expose your data.
• Crucial tables, such as those containing your reporting data, are completely separated from those of other clients.
Password Security
• Client passwords are hashed and salted multiple times with different algorithms.
• No one at Qotid can access your password or decrypt it; your only way to recover it is to reset it.
• Credentials are transmitted to the server securely via HTTPS and are undecipherable by third parties. However, you must remain vigilant about how your passwords are stored. We recommend using a password generation tool (such as Dashlane).
• Login cookies are stored on client computers as httpOnly cookies, which limits the risk of token theft.
• Access to the Qotid account is blocked for 30 minutes after 3 unsuccessful login attempts. An email is sent to the account owner to notify them of these unsuccessful attempts.
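The following is an added illustration, not Qotid's code, of the three mechanisms listed above: per-user salted password hashing, an httpOnly session cookie, and a lockout of 30 minutes after 3 failed attempts with a notification to the account owner. The page does not disclose which hash algorithms Qotid chains, so this example uses a single PBKDF2-HMAC-SHA256 pass with an assumed iteration count; the class and function names, the injected clock, and the in-memory notification list are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Policy values as stated on the page: 3 failed attempts -> 30-minute lock.
MAX_FAILED_ATTEMPTS = 3
LOCKOUT_SECONDS = 30 * 60

# Assumption for this example: the page does not name its algorithms or parameters.
PBKDF2_ITERATIONS = 600_000  # OWASP-recommended order of magnitude for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh 16-byte random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed_attempts: int = 0
    locked_until: float = 0.0          # epoch seconds; 0 means not locked
    notifications: List[str] = field(default_factory=list)  # stands in for the e-mail sent to the owner


class LoginService:
    def __init__(self, clock: Callable[[], float]):
        self.clock = clock               # injected clock so the lockout window can be tested deterministically
        self.accounts: Dict[str, Account] = {}

    def register(self, username: str, password: str) -> None:
        salt, digest = hash_password(password)   # only salt + digest are stored, never the password
        self.accounts[username] = Account(salt, digest)

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'invalid' or 'locked'."""
        now = self.clock()
        account = self.accounts.get(username)
        if account is None:
            hash_password(password)      # burn the same work so timing does not reveal whether the user exists
            return "invalid"
        if now < account.locked_until:
            return "locked"              # reject without even checking the password while locked
        if verify_password(password, account.salt, account.digest):
            account.failed_attempts = 0
            return "ok"
        account.failed_attempts += 1
        if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
            account.locked_until = now + LOCKOUT_SECONDS
            account.failed_attempts = 0
            account.notifications.append(
                f"{username}: {MAX_FAILED_ATTEMPTS} unsuccessful login attempts; "
                f"account locked until t={account.locked_until:.0f}"
            )
        return "invalid"


def session_cookie_header(token: str) -> str:
    """Set-Cookie value for the login cookie: HttpOnly keeps it out of reach of page scripts."""
    return f"session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    import time
    svc = LoginService(time.time)
    svc.register("demo", "correct horse battery staple")
    print(svc.login("demo", "correct horse battery staple"))
    print(session_cookie_header("example-token"))
```

Note that the lockout is checked before the password, so a locked account rejects even the correct password until the window expires, which is what makes the 3-attempt limit meaningful against online guessing.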
Access by our employees
• Qotid support teams can access your account via an administrator account in order to resolve your issue more efficiently.
• Qotid staff do not have access to your password and cannot retrieve it for you. Your only option in case of loss is to reset it.
• To resolve issues related to the application, the development team has access to your account in an anonymized manner: all personal information that could identify you or your establishments is replaced with dummy data to avoid any harm.
System security
• All Qotid servers are kept up to date and adhere to the latest security standards.
• Access to the servers is restricted to a few individuals only; they must connect via VPN to an internal Qotid network and use a personal, encrypted SSH key to access the servers from a work computer with disk encryption.
Banking information security
• We do not directly store your banking data (identifier and password); securing your banking data is the responsibility of Powens (you should consult their website).
Data encryption
• All data is transmitted securely over HTTPS using 256-bit ECC SSL encryption. These are the security protocols recommended by ANSSI (National Agency for the Security of Information Systems).
• We keep our servers and certificates up to date to ensure an optimal security level of Grade A on SSL Labs.
Network Defense
• Google Cloud offers a substantial network infrastructure with advanced protections such as DDoS attack mitigation and the detection and blocking of fraudulent requests, which prevents disruption of the availability of our services.
• Our servers are protected behind firewalls that block potential attacks.
• We also filter HTTP requests based on public lists of IP addresses recognized as malicious.