Skip to main content
Protecting your data is a core part of how Qvista is designed — not an afterthought. From the moment data travels between your systems and Qvista to the way access is controlled inside your team’s workspace, every layer of the platform is built with security in mind. This page explains exactly how Qvista keeps your information safe, what compliance standards the platform adheres to, and what options are available when your organisation needs tighter control over its data environment.
Qvista does not store or retain your data within its systems. The platform operates on a real-time retrieval model, fetching data directly from your connected sources as needed. Your data always remains in your own environment.

Data Handling and Privacy

Qvista’s architecture is designed to minimise data exposure by never persisting your business data on Qvista’s servers.

Real-Time Retrieval Model

Every query, dashboard load, and workflow execution fetches data live from your connected sources. Qvista acts as an orchestration and visualisation layer — not a data warehouse.

Performance Caching

To optimise response times, Qvista caches frequently accessed data in a short-lived, session-bound cache. This cache does not persist beyond your active session and is never shared across users or organisations.

Encryption

All data in transit is protected using industry-standard encryption protocols.

SSL/TLS in Transit

Qvista encrypts all data transmitted between your device and its servers using SSL/TLS. Your information stays confidential and tamper-proof, even when accessed over public or untrusted networks.

Secure API Connections

Every integration with an external data source or third-party service uses encrypted, authenticated API connections. Credentials are stored using secure vault mechanisms and are never exposed in plain text.

Compliance Standards

Qvista follows strict, widely recognised security and compliance frameworks to meet the requirements of organisations in regulated industries.

SOC 2

Qvista maintains SOC 2 compliance, covering the security, availability, and confidentiality of your data as processed through the platform.

GDPR

Qvista adheres to GDPR requirements, supporting your obligations around data subject rights, lawful data processing, and privacy-by-design principles.

HIPAA

For organisations handling protected health information, Qvista meets HIPAA requirements to help you maintain compliance in healthcare-adjacent workflows.

Regular Security Audits

Qvista undergoes regular independent security audits and vulnerability assessments. Identified risks are triaged and remediated to keep the platform’s security posture current.

Access Controls

Qvista gives you precise control over who can see and act on data within your organisation’s workspace.

Role-Based Access Controls

Define roles — such as viewer, editor, and administrator — and assign them to individual team members. Control who can view, edit, publish, or manage each dashboard, workflow, and dataset independently.

API Rate Limiting

Qvista applies API rate limiting on all external-facing endpoints to protect against abuse, brute-force attacks, and runaway automation. This keeps the platform stable and your integrations secure.
Granting overly broad permissions to team members or service accounts can expose sensitive data. Follow the principle of least privilege: assign only the access level each user or integration genuinely needs.

Deployment Options

Qvista gives you the flexibility to choose where and how the platform runs based on your organisation’s security and compliance requirements.

Cloud Deployment

The default Qvista deployment runs in a managed cloud environment. All cloud infrastructure is maintained, patched, and monitored by the Qvista team, so your organisation benefits from enterprise-grade security without managing it directly.

On-Premise Deployment

Deploy Qvista entirely within your own infrastructure — on-premise or in a private cloud. On-premise deployment gives your organisation complete control over where data is processed, how the network is segmented, and what security controls are applied.
On-premise deployment is available on the Enterprise plan. It is particularly well-suited for organisations with air-gapped environments, strict data residency requirements, or highly regulated industries.

Security Best Practices for Your Team

Use these recommendations to get the most out of Qvista’s built-in security features.
  • Assign roles precisely. Use role-based access controls to limit each team member to the minimum level of access they need.
  • Rotate API credentials regularly. Update the API keys and tokens used by your Qvista integrations on a scheduled basis, especially for high-privilege connections.
  • Enable workflow approval gates. For business-critical automations, add manual approval steps to ensure a human reviews the action before it executes.
  • Review audit logs. Monitor Qvista’s built-in activity logs regularly to detect unexpected access patterns or workflow failures.
  • Use on-premise deployment for sensitive workloads. If your organisation handles highly sensitive data, consider the on-premise deployment option for complete environmental control.
If your organisation has specific enterprise security requirements — such as custom data residency, dedicated infrastructure, SSO integration, or a bespoke compliance framework — contact the Qvista support team. The enterprise team can work with you to design a deployment and configuration that meets your exact needs.