iQStep
Security

Security at iQStep

Your data security is our top priority. Learn how we protect your business.

Certified
SOC 2 Type II
Compliant
ISO 27001
Compliant
GDPR
99.9%
Uptime SLA

At iQStep, security isn't an afterthought—it's foundational to everything we build. We understand that our customers trust us with their most sensitive business data, and we take that responsibility seriously. Our security program is designed to protect your data at every layer.

Infrastructure Security

Cloud Infrastructure

  • Hosted on AWS with data centers in Africa and Europe
  • Multi-region redundancy for high availability
  • Automated backups with point-in-time recovery

Network Security

  • DDoS protection and WAF
  • Intrusion detection and prevention systems
  • 24/7 security monitoring

Data Encryption

Encryption at Rest

All data stored in our databases is encrypted using AES-256 encryption. Database backups are also encrypted.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3. We enforce HTTPS on all connections.

Key Management

Encryption keys are managed through AWS KMS with automatic rotation. Keys are never stored alongside encrypted data.

Access Control

For Customers

  • Multi-factor authentication (MFA)
  • Single Sign-On (SSO) with SAML 2.0
  • Role-based access controls (RBAC)
  • Session management and timeout

For Employees

  • Principle of least privilege
  • Background checks for all employees
  • Quarterly access reviews
  • Security awareness training

Incident Response

We maintain a comprehensive incident response plan that includes:

  • 24/7 on-call security team
  • Automated threat detection and alerting
  • Customer notification within 72 hours of confirmed breach
  • Post-incident review and remediation

Compliance & Certifications

SOC 2 Type II

Annual audit of security controls

ISO 27001

Information security management

GDPR

EU data protection compliance

Kenya DPA

Kenya Data Protection Act compliance

POPIA

South Africa privacy compliance

NDPR

Nigeria data protection compliance

Report a Vulnerability

We welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to:

Email: security@iqstep.com

PGP Key: Available upon request

We commit to acknowledging reports within 24 hours and providing a detailed response within 72 hours.