Overview
Qymmo is built so your customer data stays protected in transit and at rest. We follow industry practices for encryption, access control, and monitoring, and we continually improve our security posture as the product evolves.
Encryption & data
Connections to our services use HTTPS/TLS, and sensitive customer and integration data is encrypted at the application level. We limit access to production systems and customer data to authorised personnel who need it to operate the service. Core controls in place include:
- Encrypted in transit with HTTPS/TLS
- Application-level encryption for sensitive customer and integration data
- Tenant-scoped access controls
- Role-based permissions for teams and operators
- Audit logs for sensitive actions
- Webhook signature checks and idempotency protection
- Rate limiting and request hardening
Infrastructure
We host on reputable cloud providers with physical and network safeguards. We apply patches, monitor availability, and use backups and redundancy to reduce the risk of data loss and downtime.
Access & authentication
Your team signs in through secure sessions. We encourage strong passwords and, where available, additional account protections. Administrative actions are logged where appropriate for auditing and troubleshooting.
Compliance
We design processes to support common privacy and security expectations. Specific certifications or regional requirements may apply to your use case — contact us if you need detailed assurance for procurement or regulated industries.
Reporting issues
If you discover a vulnerability or security concern, please report it responsibly. Email security@qymmo.com with enough detail for us to reproduce or assess the issue. We appreciate coordinated disclosure.