Independently verified controls, transparent incident reporting, and a public bug bounty. Our customers process billions of redirects on this infrastructure — we treat that as a privilege.
Annual independent audit covering security, availability, processing integrity, confidentiality, and privacy. Reports available under NDA via sales@quickresponsehub.com.
Information Security Management System certified by an accredited body. Statement of Applicability shared with enterprise customers.
TLS 1.3 with HSTS preload for all traffic. AES-256 at rest for the redirect database, object storage, and backups. Customer secrets (passcodes, API keys) are stored using one-way SHA-256 hashes.
SSO via SAML 2.0 (Okta, Azure AD, Google Workspace) on Enterprise. SCIM provisioning. Mandatory MFA for all engineering staff with hardware-backed WebAuthn keys.
Edge-terminated traffic across 280+ POPs. Mutual TLS between internal services. WAF + DDoS protection at the edge with automatic mitigation up to 4 Tbps.
Continuous SCA + SAST in CI. Quarterly third-party penetration tests. Public bug bounty (rewards up to $25,000) — see our disclosure policy below.
Tamper-evident audit logs retained for 13 months. 24/7 Security Operations Center with on-call response within 15 minutes for Sev-1 incidents.
Choose EU (eu-west) or US (us-east) for primary storage. Cross-region replication is opt-in. We never sell or share customer data with third parties.
Found a vulnerability? Email security@quickresponsehub.com with reproduction steps. We acknowledge within 24 hours, triage within 3 business days, and pay out within 30 days of validation. Please give us a reasonable window to ship a fix before public disclosure.