Security infrastructure
Qminder’s infrastructure is built with multiple layers of protection to keep your data secure during transmission, storage, or processing. These measures include encryption, least privilege access, secure software development, and a public bug bounty program, among others.
Operational security
Our information security team constantly introduces new security measures and monitors Qminder for any malicious activity across its infrastructure, networks, and assets.
Product security
Qminder offers a comprehensive suite of in-product data protection features and admin controls, providing enhanced visibility and management over your data. Enterprise admins can deploy Qminder in their organizations with SSO via SAML 2.0, provision users through SCIM, and monitor activity using audit log features.
Data handling
At Qminder, our team is committed to creating and maintaining data privacy processes and safeguards that align with industry standards and best practices. We provide ongoing training to ensure our teams stay informed about changes in legislation and essential privacy and security protocols. Every Qminder employee and contractor agrees to non-disclosure terms to protect the confidentiality and security of your data. Additionally, Qminder requires any vendors handling personal data to adhere to the same stringent data management, security, and privacy standards that we uphold ourselves.
Agreements
At Qminder, we make it a priority to keep all our agreements aligned with the latest regulations and industry standards. Our Master Subscription Agreement and Data Processing Addendum provide detailed information on Qminder’s data privacy processes, standards, safeguards, and our compliance with data protection laws. To ensure our terms comply with the GDPR, CCPA, and other global privacy standards, we regularly have them reviewed by leading privacy experts across various jurisdictions.
Data governance
Data governance refers to the policies and procedures that guide how data is acquired and managed throughout its lifecycle—from creation and collection to processing, distribution, storage, and deletion. Qminder’s dedication to data governance is essential in ensuring that our users’ data remains secure, private, accurate, and accessible.
Policies
At Qminder, we aim to be fully transparent with our customers about how we collect, process, store, and use their personal data. To support this, Qminder maintains comprehensive and detailed policies outlining how we manage personal information. These policies provide clear guidance on how our users can exercise their rights concerning their data.
GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs the collection and use of personal data of EU residents, giving data subjects control over their information. As the GDPR is widely regarded as the most stringent global privacy standard, we have aligned our privacy program with the GDPR and other international privacy regulations.
SOC 2 Type II
SOC 2 Type II is an audit report produced by an independent third party certified by the American Institute of Certified Public Accountants (AICPA). It evaluates a service organization’s controls based on the Trust Services Criteria (TSC). The SOC 2 Type II report reviews the effectiveness of these controls over time and is designed to give customers and stakeholders confidence that the organization has put in place sufficient measures to protect their data.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law enacted in 1996, mandating the protection and confidential handling of protected health information (PHI) by covered entities like healthcare providers, health plans, and healthcare clearinghouses, along with their business associates. Businesses subject to HIPAA can process PHI within their Qminder account, provided they sign Qminder’s Business Associate Agreement.
TX-RAMP
The Texas Risk and Authorization Management Program (TX-RAMP) is a security framework established by the Texas Department of Information Resources (DIR) that sets baseline security requirements for cloud computing services used by Texas state agencies and higher education institutions. Qminder has achieved TX-RAMP Level 2 certification, demonstrating that our security controls meet the rigorous standards required for handling sensitive government data. This certification enables Texas public sector organizations to confidently deploy Qminder for their queue management and customer experience needs.