Does QuotaGuard hold SOC 2 or other security certifications?

Yes. Our security practices are designed to align with industry standards like SOC 2 Type II, utilizing safeguards such as MFA, RBAC, and automated vulnerability scanning.

HIPAA-Ready Static IP Inbound & Outbound Proxy

Q: Does QuotaGuard sign a BAA for healthcare customers?

Yes. We understand that a Business Associate Agreement is a requirement for healthcare providers and their vendors. We provide standard BAAs for all Shield customers and can review custom enterprise agreements for larger organizations.

Q: How does SSL Passthrough differ from SSL Termination?

SSL Passthrough (SNI routing) ensures your sensitive PHI remains encrypted from your application to its destination. Our infrastructure never decrypts your traffic or possesses your private keys, functioning strictly as a blind conduit for your data.

Q: Is QuotaGuard Shield also PCI-DSS compliant?

Yes. The same SSL Passthrough and E2EE architecture that makes us HIPAA compliant also satisfies the strict data transmission requirements for PCI-DSS.

Q: How does QuotaGuard manage subcontractors and downstream compliance?

QuotaGuard ensures all relevant downstream service providers, such as our primary cloud infrastructure partners, have signed BAAs with us, extending the chain of trust throughout our entire service stack.

Q: What kind of audit trails are available for compliance reporting?

To satisfy HIPAA Audit Control requirements, we maintain detailed logs of connection metadata (timestamps, source IP, destination) for six years, while strictly maintaining no payload logging.

Q: What is your protocol for security incident notification?

QuotaGuard follows a documented Incident Response Plan and is legally required to notify you of any verified breach of ePHI in a timely manner, satisfying Business Associate legal obligations.

The Trusted Networking Layer for PHI & Regulated Data
‍
Secure your healthcare applications with a hardened, Networking perimeter designed for HIPAA workloads.

QuotaGuard Shield provides the technical safeguards required to transmit Protected Health Information (PHI) while maintaining encrypted transmission and limited technical metadata for operational review.

Administrative & Technical Safeguards

QuotaGuard Shield is designed to support the transmission security requirements of the HIPAA through advanced encryption and architectural isolation.

HIPAA-regulated customers generally need appropriate safeguards for ePHI in transit. QuotaGuard Shield is designed to support encrypted transmission for approved Shield configurations.

Diagram illustrating End-to-End Encryption (E2EE) with an application on the left and PHI data on the right, connected securely through QuotaGuard Shield with padlock icons symbolizing encryption.

Infrastructure Hardening for Compliance

Our Shield architecture goes beyond simple IP rotation to provide a complete security perimeter for regulated serverless, containerized, and PaaS environments.

Secure Outbound Authentication

Unlike standard proxies that may transmit credentials in cleartext, Shield wraps your proxy authentication in a secure TLS tunnel.

This prevents sensitive credentials from being leaked or intercepted during the initial handshake, protecting your application's entry point to the network.

No Payload Logging

To minimize your compliance surface area, QuotaGuard never logs request bodies or payload data.

We only record the essential metadata (timestamp, source IP, and destination) required for debugging and to satisfy the Audit Control requirements of the HIPAA Security Rule.

High-Availability Data Integrity

Approved HIPAA-regulated configurations may include dedicated or redundant Shield infrastructure depending on the customer’s use case, risk profile, and configuration requirements.

HIPAA / BAA administration

BAA coverage for approved Shield configurations

QuotaGuard offers Business Associate Agreement coverage for approved QuotaGuard Shield configurations after intake review and signed documentation.

The annual HIPAA / BAA administration add-on covers intake review, preparation and maintenance of the BAA record, annual configuration review, and related compliance administration.

BAA coverage applies only to the approved Shield configuration. It does not automatically apply to other QuotaGuard products, accounts, configurations, or non-approved uses.

Dedicated infrastructure, custom legal review, custom security review, or non-standard terms may require separate pricing.

FAQs

Technical answers for compliance officers regarding PHI transmission and legal agreements.

Does QuotaGuard sign a BAA for healthcare customers?

Yes, for approved QuotaGuard Shield configurations.

Before preparing a BAA, we ask customers to complete a short HIPAA / BAA intake form so we can document the intended Shield configuration and confirm whether it is appropriate for HIPAA-regulated use.

BAA coverage is not automatic and does not apply to all QuotaGuard products or configurations.

Dedicated infrastructure may be required or strongly recommended depending on the customer’s use case, risk profile, and configuration.

Is there a fee for BAA coverage?

Yes. QuotaGuard charges a $999 annual HIPAA / BAA administration fee for approved Shield configurations that require BAA coverage.
‍
This fee covers intake review, BAA record preparation and maintenance, annual configuration review, and related security/compliance administration.

Custom legal review, custom security review, non-standard terms, or dedicated infrastructure may require separate pricing.

How does SSL Passthrough differ from SSL Termination?

Most standard proxies use SSL termination, where they unwrap your data at the edge, inspect it, and then re-encrypt it.

QuotaGuard Shield uses SSL Passthrough, meaning we route your packets based on SNI headers without ever opening them. Your data is never "visible" to our infrastructure.

Is QuotaGuard Shield also PCI-DSS compliant?

No.

QuotaGuard Shield is not a PCI-DSS certified service provider.

The Shield SSL passthrough architecture keeps cardholder data encrypted in transit, helping customers maintain their PCI-DSS scope boundaries.

Customers handling cardholder data should consult their QSA about whether QuotaGuard fits within their compliance scope.

How does QuotaGuard manage subcontractors and downstream compliance?

Under the HIPAA Privacy and Security Rules, any subcontractors we use that may have incidental contact with our infrastructure must also adhere to the same stringent data protection standards.

QuotaGuard has executed AWS's standard Business Associate Addendum for the AWS account used to operate Shield infrastructure.

What kind of audit trails are available for compliance reporting?

QuotaGuard records connection metadata for traffic through the proxy: timestamps, source IP and port, destination host and port, byte counts, and connection status.

Because Shield operates as a conduit, these logs capture how connections are made, not the contents of your traffic, which QuotaGuard does not decrypt or store.

Administrative actions on QuotaGuard's infrastructure are recorded separately (actor, timestamp, source IP, action).

Connection logs are retained for 60 days and then automatically deleted; QuotaGuard does not maintain a long-term log archive.

Customers operating under HIPAA can reference these logs in support of their own audit controls.

What is your protocol for security incident notification?

In the event of a suspected security incident or data breach, QuotaGuard follows a documented Incident Response Plan.

When a BAA is in place, breach notification follows the timelines in the executed BAA.

Still have questions?

We don’t outsource Support to non-Engineers.

Reach out directly to the Engineers who built Shield to discuss your specific architecture, integration challenges, or compliance constraints here 👇

Contact

🚀 Ready to Get Started? Choose Your QuotaGuard Path

QuotaGuard STATIC

Why: You need a rock-solid, fixed IP for general API access, AI workflows, or standard third-party integrations.

Best For: Developers, startups, and general application connectivity.

Key Feature: SOCKS5 support for secure database access.

QuotaGuard SHIELD

Why: You handle HIPAA, PCI, or sensitive PII data and require End-to-End Encryption (E2EE) for full compliance.

Best For: Regulated industries, financial services, and healthcare.

Key Feature: SSL Passthrough and key isolation.

Trusted by Engineering Teams Everywhere

Reliability Engineered for the Modern Cloud

For over a decade, QuotaGuard has provided reliable, high-performance static IP and proxy solutions for cloud environments like Heroku, Kubernetes, and AWS.

Get the fixed identity and security your application needs today.

Start Free Trial Talk to an Engineer