Security at KeystoneQ
A high-level overview of how we protect our systems and the data entrusted to us.
Security principles
- Least privilege access and role-based controls.
- Secure-by-default configuration and change control.
- Defense in depth across identity, endpoints, and network layers.
- Continuous monitoring and rapid response.
Data protection
We use industry-standard safeguards to protect data in transit and at rest where applicable, and we restrict access to authorized personnel who need it to deliver services.
Availability and resilience
We design systems for reliability and maintain backups and recovery procedures appropriate to the service. Specific SLAs, RPO/RTO targets, and scope are defined in client agreements.
Incident response
We maintain an incident response process for triage, containment, remediation, and post-incident review. If an incident impacts client data, we communicate in accordance with contractual commitments and applicable law.
Reporting a vulnerability
If you believe you’ve found a security issue on keystoneq.com, please email info@keystoneq.com with details and steps to reproduce. Please do not include sensitive personal data in your report.