QuickChart Data Security Policy

As a company that takes data security and privacy very seriously, we recognize that QuickChart’s information security practices are important to you.

Customer data security

  • QuickChart does not retain data contained in charts and graphs unless specifically instructed to do so by the customer.
  • QuickChart uses a third-party payment processor and does not retain customer billing data.
  • Access to logs occurs on an as-needed basis, typically for debugging purposes upon customer request. Every access is logged and monitored.
  • Logs are deleted when they are no longer needed, or automatically after 30 days.
  • See Privacy Policy.

Information security

We rely on Google Cloud Platform, which continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Our servers are located in Iowa, USA and Belgium, Europe. Requests are routed to the nearest datacenter.

Access restrictions

  • All systems are protected through key-based authentication and access is limited by Role-Based Access Control (RBAC).
  • All systems require non-SMS multi-factor authentication.
  • Access to all systems is logged, including logins as well as actions and commands.
  • HTTPS connections use Cloudflare and Google Cloud-managed certificates.
  • We do not use contractors.

Standards and Frameworks

Google’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Vulnerability detection

  • We use security vulnerability detection tools, such as GitHub Advanced Security, to alert us when dependencies have security issues. Infrastructure security is handled by Google Cloud Platform.
  • We regularly perform internal and external vulnerability scans and application penetration tests to monitor the status of our security efforts.

Physical security

We ensure that our datacenter vendors provide the following security measures:

  • 24/7 security guard services
  • Restrictions on physical entry to the facility
  • Full CCTV coverage for the facility
  • Biometric readers with two-factor authentication
  • Battery and generator backup

Business continuity

We keep a contingency plan in case of unforeseen events, including risk management, disaster recovery, and customer communication sub-plans that are tested and updated on an ongoing basis and thoroughly reviewed for gaps and changes at least annually.