Legal

Security

How we protect customer data and support enterprise security reviews.

Overview

Security is a core requirement. QUOTA is designed for modern teams with secure-by-default architecture, least-privilege access, encryption, and operational controls.

This page is a high-level overview. More detailed materials (questionnaires, architecture summaries, supporting evidence) may be available where appropriate, including under NDA.

  • Defense in depth
  • Least privilege
  • Encryption
  • Operational controls

Data protection and encryption

We use encryption in transit (TLS) for communications with the Service. We also use encryption at rest where appropriate for stored data and backups.

Access to sensitive systems is restricted and monitored. Production access is limited to authorized personnel and role-based permissions.

  • TLS in transit
  • Encryption at rest
  • Restricted production access

Identity and access control

We implement role-based access controls (RBAC) and apply the principle of least privilege. Administrative actions are restricted and logged.

Where enterprise requirements apply, we support secure authentication patterns (including SSO/SAML in enterprise deployments) and account lifecycle controls (including SCIM where applicable).

  • RBAC
  • Least privilege
  • Admin audit logging
  • SSO/SAML (enterprise)
  • SCIM (enterprise)

Network security and Cloudflare

We protect public endpoints with modern security controls and continuous monitoring to reduce risk from common web threats.

We use Cloudflare for edge protection such as DDoS mitigation, WAF rules, and traffic filtering for public-facing services.

  • DDoS mitigation
  • WAF protections
  • Traffic filtering
  • Monitoring

Application security

We follow secure development practices and reduce risk through code review, dependency management, and security testing where appropriate.

We monitor and address vulnerabilities in third-party libraries and our own components, prioritizing fixes based on severity and exposure.

  • Secure SDLC
  • Vulnerability management
  • Timely patching

Audit logging and monitoring

We maintain operational logging to support incident detection, troubleshooting, and auditability. Access to logs is controlled.

We monitor for suspicious activity and implement alerting to enable rapid triage and response.

  • Operational logs
  • Security alerts
  • Log access controls

Incident response

We maintain an incident response process designed to detect, triage, contain, and remediate security events.

For customers, we provide communications aligned to contractual requirements, including reasonable notification timelines and post-incident review where appropriate.

  • Triage and containment
  • Customer communications
  • Post-incident review

GDPR and privacy

We support GDPR-aligned practices and can provide a Data Processing Addendum (DPA) where required.

Customers control the data submitted to the Service and are responsible for having appropriate rights, notices, and legal bases to process personal data through the Service.

  • GDPR-aligned practices
  • DPA available
  • Customer data control

Assurance (in corso) e trasparenza verso il procurement

We do not claim certifications we have not obtained. Our priority is building a strong, documented, and verifiable security program: policies, controls, operational evidence, and review processes.

During vendor/security review we can share, where appropriate and under NDA, supporting materials (architecture overview, questionnaires, control descriptions, and assurance roadmap).

  • Security pack (su richiesta)
  • Questionari procurement
  • Evidenze e documentazione
  • Roadmap assurance

Contact and security review

If your team requires a security questionnaire, architecture overview, or vendor assessment, contact us and we will coordinate the review process.

For security inquiries: hello@quota.training.

  • Questionnaire support
  • Vendor assessments
  • Contact: hello@quota.training

See QUOTA in action

Book a demo with the team

We’ll walk through live simulation, scoring, and gamification for your use case.

Book a demo