Questis - Life-Changing Financial Wellness

Questis Security Overview

At Questis, we take security seriously.

Our team has implemented and maintains a robust Information Security Program (ISP) that covers all aspects of the system life cycle, including planning, development, deployment, and operations of the services you rely on. Each area of the program is governed by executive leadership through the implementation of administrative, physical, and technical controls. We partner with third parties to regularly assess our control environment to ensure we continue to align with industry best practices.

If you have any questions or concerns, please contact us at security@myquestis.com.

Data Security

Questis is committed to protecting the confidentiality, integrity, and availability of your data. Questis data is encrypted in transit and stored securely using modern technologies and methods recommended by both the security industry and standards organizations. Data security controls are implemented using a defense-in-depth design to ensure that our protections are robust and resilient. Our services are delivered through Amazon Web Services (AWS), which provides state of the art technology for security, performance, and availability and is certified as compliant with numerous industry and regulatory standards.

Data Privacy

We know that you have entrusted us with your personal information and that we have a duty to use it in a manner to which you have agreed to. One of our top priorities is ensuring only you can access your data and preventing any noncustomers or bad actors from accessing, disclosing, or violating the privacy and protection of data stored in our systems.

Questis has implemented security controls to ensure that all authorized Questis personnel are authenticated using strong credentials and Multi Factor Authentication (MFA). Permissions within and across our systems are implemented according to the principle of least privilege, and encryption technologies are used to prevent the unintentional exposure of sensitive information.

We only share your personal information with unaffiliated third parties as permitted or required by law. When your account is terminated, we will keep your information only as long as required to maintain adequate business records and comply with our legal obligations. The period for which we maintain your information may vary based on the type of relationship you have with us. Upon termination of your account, we will discontinue any connection to your financial accounts, and we will use commercially reasonable efforts to delete your information as soon as possible. If you have a question about any such information that we may be storing, please email us at security@myquestis.com.

Monitoring

At Questis, we utilize advanced endpoint monitoring and breach detection for all our assets. Questis also leverages a third-party hunt team for vulnerability assessments and reporting. This team is armed with experienced nation-state hackers who have the skills and tools to detect even the most sophisticated attacks. We investigate all reported vulnerabilities. If you believe you have discovered a problem, please email security@myquestis.com.