Security & Trust
A compliance platform should hold itself to the standard it sells.
Here's how we protect the evidence, credentials, and data you trust us with. We'd rather tell you plainly than dress it up.
Security posture
LiveHow we protect you
Security built into every layer.
Encryption everywhere
Data is encrypted in transit (TLS 1.2+) and at rest. Integration credentials sit in a dedicated vault encrypted with AES-256-GCM.
Multi-tenant isolation
Qireon is a multi-tenant platform with logical isolation between tenants. Auditor workspaces are scoped, read-only, and access-controlled per engagement.
Access & authentication
Role-based access control, SSO on the Enterprise plan, and signed, expiring magic links for auditor access — no shared passwords.
Availability
The platform is monitored continuously. We publish incidents and status transparently rather than hiding them.
Data handling
You own your data and can export it at any time. Evidence is retained per your configured policy and deleted on request.
Sub-processors
We keep a current list of the sub-processors we rely on to deliver the service, available on request and to customers under contract.
Need our security documentation?
Customers and prospects under NDA can request our sub-processor list, data-handling details, and current posture. Ask during your demo.
Request during a demoFound a vulnerability?
We take responsible disclosure seriously. Email our security team directly and we'll acknowledge quickly and work with you on a fix.
security@qireon.comTrust, demonstrated — not just claimed.
See how Qireon secures your evidence and gives your auditor a safe, read-only window into it — book a 20-minute walkthrough.
Book a demo