This Risk & Security Overview describes how Quality Work (“the App”, “we”, “us”) manages security, privacy, and operational risk across the platform. It is intended for organizations, security teams, and stakeholders evaluating the App for enterprise use.

1. Security Philosophy

Our security approach is based on three core principles:

• Protect data at all times — in transit, at rest, and on devices.
• Minimize risk through layered controls — defense‑in‑depth across infrastructure, application, and access.
• Ensure transparency and auditability — clear logs, traceability, and documented practices.

2. Infrastructure Security

Quality Work is hosted on secure, industry‑standard cloud infrastructure. Key controls include:

• Hardened, professionally managed data centers
• Redundant infrastructure and automated failover
• Network‑level protections and firewalling
• Strict separation of environments (production vs. non‑production)

3. Data Protection & Privacy

We implement multiple layers of protection for customer data:

• Encryption of data in transit using modern TLS
• Secure storage of sensitive data in controlled environments
• Role‑based access controls for organizational data
• Audit logging of key actions and access events

We act as a data processor and process data only as instructed by the customer organization.

4. Application Security

Application‑level security is built into the development lifecycle. Practices include:

• Secure coding standards and code review
• Dependency monitoring and patching
• Authentication and session management best practices
• Input validation and protection against common web vulnerabilities

5. Offline Mode & Device Risk

The App may store limited data locally on devices when offline to support field work. Risk is managed by:

• Minimizing the amount of data stored offline
• Syncing data securely once connectivity is restored
• Encouraging organizations to enforce device‑level security (PIN, biometrics, MDM)

6. Access Control & Identity

Access to the App and its data is controlled through:

• Unique user accounts and credentials
• Role‑based permissions for administrators, managers, and contractors
• Least‑privilege access principles
• Revocation of access when users leave an organization

7. Incident Detection & Response

We maintain processes to detect, investigate, and respond to security incidents. This includes:

• Monitoring for unusual activity and access patterns
• Defined escalation paths for potential incidents
• Timely notification to affected customers when required
• Post‑incident review and remediation steps

8. Business Continuity & Backups

To reduce operational risk and data loss, we maintain:

• Regular encrypted backups of core data
• Backup retention for a defined period
• Disaster recovery procedures for critical failures

9. Shared Responsibility Model

Security is a shared responsibility between Quality Work and each customer organization:

• We secure the platform, infrastructure, and core application.
• Organizations manage user access, device security, and internal policies.
• Contractors follow safety, documentation, and conduct guidelines.

10. Compliance Alignment

While formal certifications may vary over time, our controls are designed to align with common regulatory and industry expectations, including:

• Data protection principles similar to GDPR and CCPA
• Security practices inspired by SOC‑style control frameworks
• Audit‑friendly logging and traceability for enterprise customers