Security and Compliance

Last Updated: 4/3/2026

1. Company and Program Overview

Nesqual Tech SRL maintains a security and privacy control program intended to support secure software delivery, managed service operations, support workflows, and internal administration. Our approach is informed by GDPR obligations, least-privilege access principles, and selected control themes associated with recognized assurance frameworks such as SOC 2.

Nesqual Tech SRL

VAT: RO50341187

Address: Strada 22 Decembrie 1989, Nr. 25, Camera 1, Oras Rovinari, Judet Gorj, Cod postal 215400, Romania

Representative: Norbert-Vasile Vaduva-Lapadatescu

2. Governance and Access Control

  • Administrative access is limited according to role, business need, and system responsibility.
  • We use authentication, session controls, and environment-level segregation to reduce unauthorized access risk.
  • Operational changes are reviewed through documented deployment and maintenance workflows where feasible.

3. Key Technical Controls

  • TLS encryption in transit, edge protection, and secure handling of service credentials.
  • Role-based access control for administrative operations and internal management functions.
  • Audit-oriented logging, monitoring, and environment diagnostics for support and incident response.
  • Secure authentication sessions, cookie controls, and least-privilege API access patterns.
  • Data minimization and consent-based handling of non-essential analytics or telemetry.
  • Backup and recovery practices intended to support continuity and restore service after failure.

4. Monitoring, Vulnerability Handling, and Incident Response

We monitor production services for availability, errors, and suspicious activity. Security or stability issues are triaged according to severity and operational impact. Where appropriate, we investigate, contain, remediate, and document incidents, and we notify affected parties when required by law or contract.

5. Data Protection Practices

We design controls around confidentiality, integrity, and availability. This includes limiting access to data, using secure transmission channels, protecting secrets, and reviewing how vendors and internal systems process personal or sensitive business information.

6. Vendor and Infrastructure Dependencies

Our services rely on infrastructure and software providers such as hosting, observability, edge, and platform vendors. We assess these dependencies based on technical fit, security posture, availability, and privacy considerations, but third-party services remain subject to their own outages, limits, and contractual terms.

7. Important Compliance Statement

"SOC 2 aligned" means our controls are mapped to SOC 2 principles. It does not by itself represent a formal third-party SOC 2 attestation report unless explicitly stated in a signed assurance document.

Similarly, references to GDPR readiness or EU AI Act transparency reflect our operational approach and policy commitments; they should not be interpreted as a blanket certification, legal opinion, or formal regulatory approval.

8. Shared Responsibility

Customers remain responsible for user-level access decisions, the legality of the content and data they submit, endpoint security on their own devices, and decisions taken using outputs from our systems or services. Security outcomes depend on both our controls and customer-side operational discipline.

9. Privacy and Data Subject Rights

We support access, correction, erasure, and portability requests in line with GDPR. For details, see our Privacy Policy and Cookie Policy.

10. Security Contact

Security: [email protected]

Privacy: [email protected]

Legal: [email protected]

Strada 22 Decembrie 1989, Nr. 25, Camera 1, Oras Rovinari, Judet Gorj, Cod postal 215400, Romania
