Security & Trust

Enterprise-grade security for your trade business.

We understand that your business data and your customers' trust are your most valuable assets. Here is how we keep them safe.

Last updated: 9 May 2026

1. Data Residency & Hosting

Qted is built on world-class infrastructure provided by Amazon Web Services (AWS).

  • UK Based: All primary application data and databases are hosted in the AWS London (eu-west-2) and Ireland (eu-west-1) regions.
  • Redundancy: We use multi-AZ (Availability Zone) deployments to ensure that if one data center goes offline, your business keeps running.

2. Financial Security (Payments)

We do not store your customers' credit card details on our servers. All payments are processed by Stripe, a global leader in payment security.

  • PCI Compliance: Stripe is a certified PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry.
  • Stripe Connect: We use Stripe Connect to ensure that when your customers pay, the funds flow directly to your account, minimizing intermediate risk.

3. AI & Transcription Privacy

Our AI-powered quoting features use OpenAI's enterprise-grade API models.

  • Immediate Deletion: Voice recordings uploaded for transcription are stored in encrypted S3 buckets and are automatically deleted within 24 hours of successful processing.
  • No Training: Data submitted via our API connection to OpenAI is not used to train their global AI models, ensuring your business logic remains private.

4. Data Encryption

  • In Transit: All data sent between your browser/app and our servers is encrypted using 256-bit TLS (Transport Layer Security) encryption.
  • At Rest: Our databases and file storage use AES-256 industrial-strength encryption to protect data while it is stored.

5. Security for Your Customers

When your customers book you through Qted, their experience is protected:

  • Secure Links: Booking pages and quotes are served over HTTPS.
  • Private Quotes: PDF quotes are stored in private S3 buckets and are only accessible via temporary, signed URLs sent to the customer.

6. Platform Integrity

  • Audit Logs: We maintain detailed logs of all administrative actions to detect and investigate any suspicious activity.
  • Regular Backups: Automated daily backups ensure that your data can be restored quickly in the event of a disaster.

7. Reporting a Vulnerability

We appreciate the work of the security community. If you believe you have found a security vulnerability on Qted, please contact our security team privately at hello@spykra.co.uk. We aim to respond to all legitimate reports within 48 hours.