Security

Last updated: 4 April 2026

Qallio designs, builds, and operates its services with security and reliability in mind. This page summarizes our approach at a high level. It is not an exhaustive description of our environment, does not modify any contract between you and Qallio, and is not a guarantee that no incident will ever occur.

For data protection practices, see our Privacy Policy. For rules of use, see our Terms of Service. Product-specific trust and guardrail features are described on our Trust & Guardrails page.

1. Organizational security

We implement administrative and organizational measures intended to reduce risk, including:

  • Access to production systems and customer data on a need-to-know basis, with authentication and logging appropriate to the environment.
  • Security awareness expectations for team members who handle sensitive systems or data.
  • Vendor review for subprocessors that process data on our behalf, including contractual confidentiality and data-protection commitments where applicable.
  • Documented procedures for change management, backups, and business continuity aligned with our stage and risk profile.

2. Technical measures

Depending on the service layer, we typically employ controls such as:

  • Encryption of data in transit using industry-standard TLS for browser and API traffic where supported.
  • Logical separation between customer environments and least-privilege access for operational roles.
  • Monitoring and alerting for anomalies, abuse, and operational health.
  • Secure development practices, dependency updates, and review processes appropriate to our release cadence.

Specific encryption at rest, key management, and network segmentation details may be provided under NDA or in security questionnaires for enterprise customers when available.

3. Product and account security

We encourage customers to:

  • Use strong, unique passwords and enable multi-factor authentication where the product supports it.
  • Assign roles following the principle of least privilege and review membership regularly.
  • Configure integrations and API keys carefully; rotate credentials when team members leave or after suspected compromise.
  • Review audit or activity logs where available, and align agent and workflow behavior with internal policies.

4. Incident response

If we become aware of a security incident that affects personal data or the confidentiality, integrity, or availability of the Services in a material way, we will investigate, take steps to contain and remediate where feasible, and notify affected customers or users as required by law or contract. Notification timelines depend on the nature of the incident and any ongoing law-enforcement or regulatory constraints.

5. Vulnerability disclosure

We welcome responsible reports of security vulnerabilities. Please email sales@qallio.one with a clear description, steps to reproduce, and, if applicable, suggested impact. Do not access or exfiltrate data beyond what is necessary to demonstrate the issue, and do not perform disruptive testing without prior written agreement. We will acknowledge receipt when practicable and work with you on coordinated disclosure where appropriate.

6. Compliance and assessments

We aim to align our practices with applicable privacy and security expectations. Formal certifications, penetration test summaries, and detailed control mappings are often shared under confidentiality with enterprise prospects and customers as they become available. Nothing on this page constitutes a representation that a particular certification or audit has been completed unless we state so explicitly in writing.

7. Your responsibilities

Security is shared. You are responsible for the security of your devices, networks, and the Customer Data you upload or connect to Qallio, including compliance with laws that apply to your industry and region. AI-generated content and automated actions should be supervised according to your risk tolerance and regulatory obligations.

8. Contact

Security and trust questions: sales@qallio.one.