Security at QuotaGuard
No payload stored in any mode.
Decryption in exactly one mode, by design.
How QuotaGuard Static and QuotaGuard Shield handle your traffic, what we log, what we never see, and the documentation behind every claim on this page.
Certifications
[PLACEHOLDER. Paste "Certifications" from sec-posture-statement-external-release.md. Not certified, no SOC 2 / HITRUST / independent HIPAA audit, annual re-evaluation, pointer to published docs and NDA layer.]
HIPAA
[PLACEHOLDER. Paste "HIPAA" from the posture release copy. HIPAA-ready, Shield no-decrypt/no-keys, BAA on qualifying Shield plans, Static not offered for regulated data. NOTE: likeliest legal-review redline target; paste last.]
PCI-DSS
[PLACEHOLDER. Paste "PCI-DSS" from the posture release copy. Scope reduction, never "certified."]
Track record and contact
[PLACEHOLDER. Paste "Track record and contact" from the posture release copy. 36-month incident record anchored to June 2026, security@quotaguard.com.]
Security documentation
Public
Information Security Policy
Access control, encryption, data classification, and the governing data-handling principle.
PublicData Flow
What is decrypted, logged, and stored in each of the four traffic modes, with diagrams.
PublicSubprocessors
Every third-party provider in the QuotaGuard service, and what each one is for.
Detailed documentation under NDA
Available under NDA
For security reviews and vendor assessments, QuotaGuard provides its detailed operational documentation under a single mutual confidentiality agreement:
- Access Control and Provisioning Note
- Incident Response Policy
- Vulnerability and Patch Management Statement
- Business Continuity and Disaster Recovery Summary
- Subprocessor List, detailed version (regions and data categories)