Security & Data Protection
QrX is built with enterprise-grade security at every layer. We take the protection of your data and payments seriously — here's how we keep everything safe.
Payment Security
QrX never stores your card details. All payment processing is handled by PCI-DSS compliant payment providers (Stripe, MultiSafepay, Mollie). Your card information goes directly to the payment provider — it never touches QrX servers.
3D Secure on every transaction. Every card payment includes an extra authentication step (such as bank app confirmation or SMS verification) to prevent unauthorized use.
HMAC-signed requests. All API communication uses HMAC-SHA256 signatures with timestamps and nonces to prevent tampering and replay attacks.
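The following is an added example, not QrX's own code: a minimal server-side check showing how an HMAC-SHA256 signature combined with a timestamp and a nonce detects both tampering and replay. The canonical string layout, the 300-second window, the in-memory nonce store, the sample key and the `/v1/payments` path are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds; assumed freshness window, not a QrX value

def sign(key: bytes, method: str, path: str, body: bytes, ts: int, nonce: str) -> str:
    """HMAC-SHA256 over a canonical string that binds every request field."""
    body_hash = hashlib.sha256(body).hexdigest()
    canonical = "\n".join([method.upper(), path, str(ts), nonce, body_hash])
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()

class Verifier:
    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> last second at which its timestamp is still accepted

    def verify(self, method, path, body, ts, nonce, signature, now=None) -> str:
        now = int(time.time()) if now is None else now
        # A newline inside a field would make the canonical string ambiguous.
        if any("\n" in f for f in (method, path, nonce)):
            return "malformed"
        # Check the signature first so unauthenticated input never reaches the nonce store.
        expected = sign(self.key, method, path, body, ts, nonce)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad_signature"
        if abs(now - ts) > MAX_SKEW:
            return "stale_timestamp"
        # Drop nonces whose timestamp can no longer pass, then reject any reuse.
        self.seen = {n: exp for n, exp in self.seen.items() if exp >= now}
        if nonce in self.seen:
            return "replayed_nonce"
        self.seen[nonce] = ts + MAX_SKEW
        return "ok"

def demo():
    key = b"constructed-demo-key"  # constructed sample secret
    v = Verifier(key)
    body = b'{"amount": 1250, "currency": "EUR"}'  # constructed sample body
    ts, nonce = 1_700_000_000, "n-001"
    sig = sign(key, "POST", "/v1/payments", body, ts, nonce)
    req = ("POST", "/v1/payments")  # hypothetical endpoint
    return [
        v.verify(*req, body, ts, nonce, sig, now=ts + 5),        # first delivery
        v.verify(*req, body, ts, nonce, sig, now=ts + 10),       # same request again
        v.verify(*req, body.replace(b"1250", b"9999"), ts, nonce, sig, now=ts + 5),
        v.verify(*req, body, ts, nonce, sig, now=ts + 3600),     # outside the window
    ]

if __name__ == "__main__":
    print(demo())
```

A nonce only needs to be remembered for as long as its timestamp would still be accepted, which is what keeps the replay store bounded.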
Data Encryption
In transit — all data is encrypted using TLS 1.3, the latest version of the TLS protocol
At rest — stored data is protected with AES-256 encryption
Database — PostgreSQL with encrypted connections and parameterized queries to prevent SQL injection
Authentication & Access Control
Token-based authentication — secure JWT tokens with short expiry and automatic refresh
Role-based access control — granular permissions ensure team members only see what they need
Secure mobile storage — authentication tokens are stored in the device's secure enclave (iOS Keychain / Android Keystore)
Infrastructure
EU-hosted — all data is stored and processed within the European Union
DDoS protection — automated defense against distributed denial-of-service attacks
Automated failover — redundant systems ensure 99.9% uptime
Geographic backups — encrypted automated backups with geographic redundancy
GDPR Compliance
QrX is fully GDPR compliant. We process personal data lawfully and transparently:
Data retention aligned with GDPR requirements
Secure data deletion when no longer needed
Complete audit trails for all data access and modifications
Users can request their data or ask for deletion at any time
Fraud Monitoring
QrX employs real-time fraud monitoring with anomaly detection. Suspicious transactions are flagged automatically, and our system includes origin enforcement, user-agent verification, and accept-type validation to block unauthorized access attempts.
Audit & Compliance
Every action within QrX is logged in a centralized audit system. This provides a complete, tamper-proof record of all activities — from payment processing to user management — ensuring full traceability and accountability.
