Security

Security is foundational to a live event platform. We design QApoint to protect organiser and attendee data with layered controls, least-privilege access, and continuous monitoring.

This page summarises our posture at a high level; it is not an exhaustive list of controls and does not replace contractual commitments in an enterprise agreement or DPA.

Traffic between clients and QApoint is encrypted in transit using modern TLS configurations. Sensitive data at rest is protected with industry-standard encryption managed through our cloud providers.

Production access is limited to authorised personnel, enforced with multi-factor authentication and role-based permissions. Administrative actions are logged for audit and investigation.

We implement secure development practices, dependency review, and automated testing. Customer workspaces are logically separated so data does not bleed across tenants.

If you believe you have found a vulnerability, please email security@qapoint.com with a clear description, reproduction steps, and optional patch suggestions. We ask that you avoid exploiting issues, access others' data, or perform disruptive testing.

We aim to acknowledge valid reports promptly and work with you on coordinated disclosure where appropriate.

Enterprise customers may request our latest security questionnaire, subprocessors list, and Data Processing Agreement. Formal certifications may be in progress — ask your account contact for current status.

Data Processing Agreement · Privacy policy