Qvista does not store or retain your data within its systems. The platform operates on a real-time retrieval model, fetching data directly from your connected sources as needed. Your data always remains in your own environment.
Data Handling and Privacy
Qvista’s architecture is designed to minimise data exposure by never persisting your business data on Qvista’s servers.Real-Time Retrieval Model
Every query, dashboard load, and workflow execution fetches data live from your connected sources. Qvista acts as an orchestration and visualisation layer — not a data warehouse.
Performance Caching
To optimise response times, Qvista caches frequently accessed data in a short-lived, session-bound cache. This cache does not persist beyond your active session and is never shared across users or organisations.
Encryption
All data in transit is protected using industry-standard encryption protocols.SSL/TLS in Transit
Qvista encrypts all data transmitted between your device and its servers using SSL/TLS. Your information stays confidential and tamper-proof, even when accessed over public or untrusted networks.
Secure API Connections
Every integration with an external data source or third-party service uses encrypted, authenticated API connections. Credentials are stored using secure vault mechanisms and are never exposed in plain text.
Compliance Standards
Qvista follows strict, widely recognised security and compliance frameworks to meet the requirements of organisations in regulated industries.SOC 2
Qvista maintains SOC 2 compliance, covering the security, availability, and confidentiality of your data as processed through the platform.
GDPR
Qvista adheres to GDPR requirements, supporting your obligations around data subject rights, lawful data processing, and privacy-by-design principles.
HIPAA
For organisations handling protected health information, Qvista meets HIPAA requirements to help you maintain compliance in healthcare-adjacent workflows.
Regular Security Audits
Qvista undergoes regular independent security audits and vulnerability assessments. Identified risks are triaged and remediated to keep the platform’s security posture current.
Access Controls
Qvista gives you precise control over who can see and act on data within your organisation’s workspace.Role-Based Access Controls
Define roles — such as viewer, editor, and administrator — and assign them to individual team members. Control who can view, edit, publish, or manage each dashboard, workflow, and dataset independently.
API Rate Limiting
Qvista applies API rate limiting on all external-facing endpoints to protect against abuse, brute-force attacks, and runaway automation. This keeps the platform stable and your integrations secure.
Deployment Options
Qvista gives you the flexibility to choose where and how the platform runs based on your organisation’s security and compliance requirements.Cloud Deployment
The default Qvista deployment runs in a managed cloud environment. All cloud infrastructure is maintained, patched, and monitored by the Qvista team, so your organisation benefits from enterprise-grade security without managing it directly.
On-Premise Deployment
Deploy Qvista entirely within your own infrastructure — on-premise or in a private cloud. On-premise deployment gives your organisation complete control over where data is processed, how the network is segmented, and what security controls are applied.
On-premise deployment is available on the Enterprise plan. It is particularly well-suited for organisations with air-gapped environments, strict data residency requirements, or highly regulated industries.
Security Best Practices for Your Team
Use these recommendations to get the most out of Qvista’s built-in security features.- Assign roles precisely. Use role-based access controls to limit each team member to the minimum level of access they need.
- Rotate API credentials regularly. Update the API keys and tokens used by your Qvista integrations on a scheduled basis, especially for high-privilege connections.
- Enable workflow approval gates. For business-critical automations, add manual approval steps to ensure a human reviews the action before it executes.
- Review audit logs. Monitor Qvista’s built-in activity logs regularly to detect unexpected access patterns or workflow failures.
- Use on-premise deployment for sensitive workloads. If your organisation handles highly sensitive data, consider the on-premise deployment option for complete environmental control.
