We Take Security Seriously

Protecting our customers security and privacy is our top priority. The Questis Security Team manages a comprehensive program of policies and procedures to maximize its Information Security Program (ISP). The ISP covers all aspects of the Production, Development, Staging, and Corporate environments as well as vendor relations, BCP, and personnel management. If you have any questions or concerns, please contact us at security@myquestis.com.



Best Practices

Questis follows industry best practice guidelines in the design and implementation of our infrastructure and application. We separate our Production, Staging, Development, and Corporate environments from each other. Furthermore, we restrict access to key information to only those employees, contractors, and agents with a need to know in order to provide services. Other key controls include:

  • Multi-Factor Authentication (OTP & SMS)

  • Resilient and Redundant Infrastructure

  • Data Encryption


Our Application

The application runs on a trusted industry-leading enterprise hosting-provider cloud platform. We chose this cloud platform for a variety of reasons, including trust, security, and reliability. All of our servers are hosted in a secure Internet hosting facility. Their facilities are certified against the internationally recognized.

  • ISO 27001

  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)

  • PCI Level 1

  • FISMA Moderate

  • Sarbanes-Oxley (SOX)


Secure Technology

We use state-of-the-art cryptographic algorithms during data transmission and storing data at rest. Our servers are kept in PCI and SSAE16 certified data centers with 24x7 monitoring.


Sharing Personal Information

We only share personal information with unaffiliated third parties as permitted or required by law. When we share personal information with vendors and service providers who perform functions on our behalf, we require that they keep that data confidential and secure, and that they use it only as is reasonably necessary to carry out their work or comply with applicable law.



At Questis, we utilize advanced endpoint monitoring and breach detection for all our assets. Questis also leverages a third party hunt team for vulnerability assessments and reporting. This team is armed with experienced nation-state hackers who have the skills and tools to detect even the most sophisticated attacks. We investigate all reported vulnerabilities; so if you believe you''ve discovered a problem, please email security@myquestis.com.


Data Retention

When an account is terminated, we will keep the associated information as long as required to maintain adequate business records and comply with our legal obligations. The period for which we maintain this information may vary based on the type of relationship. Upon termination of an account, we will discontinue any connection to user financial accounts, and we will use commercially reasonable efforts to delete all associated information as soon as possible. Have additional questions? Please email security@myquestis.com.

ABOUT                   CONTACT                     FOLLOW


We take security seriously. Find out more here.

© Questis 2020