1. Our Commitment
At RexQR, security is fundamental to everything we do. We protect your data with enterprise-grade infrastructure, regular audits, and industry best practices.
2. Infrastructure Security
- Hosting: AWS with SOC 2 and ISO 27001 certified data centres
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Network: WAF, DDoS protection, and intrusion detection systems
- Backup: Automated daily backups with point-in-time recovery
3. Application Security
- OWASP Top 10 protection
- Regular penetration testing by third-party firms
- Automated vulnerability scanning in the CI/CD pipeline
- Code reviews for all production changes
- Content Security Policy (CSP) headers
4. Payment Security
All payment processing is handled by Stripe, a PCI-DSS Level 1 certified processor. We never store, process, or transmit raw card data on our servers. Tokenization ensures your payment details are secure.
5. Access Controls
- Role-based access control (RBAC) for all internal systems
- Multi-factor authentication required for all team members
- Principle of least privilege enforced
- Quarterly access reviews
6. Incident Response
We maintain a 24/7 incident response capability:
- Detection: Real-time monitoring and alerting
- Response: Dedicated security team with defined escalation procedures
- Notification: Affected users notified within 72 hours of a confirmed breach
- Recovery: Documented procedures for containment and remediation
7. Responsible Disclosure
If you discover a security vulnerability, please report it responsibly to security@rexqr.com. We appreciate the security community's help in keeping our users safe.
8. Contact
- Security team: security@rexqr.com