Security & Compliance

All customer and inspection data is stored securely in Microsoft Azure data centers located in the United States. This ensures compliance with data residency requirements and provides robust infrastructure redundancy.

Microsoft Azure holds multiple security certifications including SOC 2 Type II, ISO 27001, ISO 27018, HIPAA, FedRAMP, and PCI DSS. Azure undergoes regular third-party audits and maintains compliance with industry-leading security standards. InspectQC leverages these certifications to protect your data.

Yes. All communication between your browser and InspectQC servers is encrypted using TLS 1.2 or higher (HTTPS). This ensures that data in transit, including login credentials and inspection data, cannot be intercepted or modified by unauthorized parties.

We employ multiple layers of protection: end-to-end HTTPS encryption, role-based access controls (RBAC), multi-factor authentication (MFA), encrypted database storage, regular security audits, and strict access policies. Tenant data is logically isolated, and access is restricted to authorized users only.

Active tenant data is retained for the duration of your subscription. Upon account termination or deletion request, we retain data as required by law for compliance purposes (typically 30-90 days), after which it is securely purged. Backup copies are retained per Azure's standard retention policies.

InspectQC supports time-based one-time passwords (TOTP) via authenticator apps like Google Authenticator, Microsoft Authenticator, and Authy. MFA is optional but strongly recommended for all user accounts to prevent unauthorized access.

We conduct regular security assessments and are committed to ongoing security improvements. As part of our compliance framework, we work with security partners to identify and address potential vulnerabilities.

In the unlikely event of a confirmed data breach, we follow responsible disclosure practices and notify affected users without unreasonable delay. We maintain cyber liability insurance and work with security experts to contain and remediate incidents.

InspectQC inherits security and compliance benefits from Microsoft Azure's SOC 2 Type II certification. Our infrastructure, data storage, and access controls meet SOC 2 standards. We are committed to obtaining our own SOC 2 Type II certification as we scale.

Yes. You can export inspection data and reports through the InspectQC portal in standard formats (CSV, PDF). This ensures you maintain portability and ownership of your data.

Azure automatically performs continuous backups of all customer data with geographic redundancy. This ensures data is protected against hardware failures and disasters.

InspectQC is built on Azure's globally distributed infrastructure with automatic failover and redundancy. We maintain a 99.9% uptime SLA. In rare cases of outages, we post real-time updates on our status page and work to restore service as quickly as possible.

Passwords are hashed using industry-standard algorithms (bcrypt) with salting. We never store plaintext passwords, and even our engineers cannot retrieve user passwords.

We only share data with carefully vetted subprocessors necessary to operate the service (e.g., payment processors, email providers, hosting providers). These partners are contractually bound to protect your data and are subject to our Data Processing Addendum (DPA).

Please report any security concerns to security@inspectqc.com with detailed information. We take all reports seriously and will respond promptly. Please allow reasonable time for us to investigate and address the issue before public disclosure.