Trust & Security
Security and privacy, built in, not bolted on.
Every product we run, StoreQuode, HotelQuode, DeliQuode, WedQuode and FoodQuode, sits on the same foundation: encrypted data, role-based access, immutable audit logs and a team that treats your data like it's ours to lose.
The standards and principles that shape how we build
Security built into every layer.
Encrypted everywhere
AES-256 at rest, TLS 1.2+ in transit. Every product, every backup, every day.
Role-based access
Every user sees only what their role permits, enforced at the API layer, not the UI.
Immutable audit logs
Every sensitive action logged, timestamped and tamper-evident, retained 12 months.
Vetted staff access
Production access is limited, logged and reviewed every quarter, not left standing.
Practices that hold up under real scrutiny.
Encryption, at rest and in transit
Every database, backup and file store is encrypted with AES-256. Every connection runs over TLS 1.2 or higher, no exceptions, no legacy fallbacks.
Request our security overviewResponsible vulnerability response
Found something? We acknowledge verified reports within 24 hours and triage within 48, with credit given where it's due.
Report an issueDaily encrypted backups
Automated nightly backups with restore procedures tested on a real schedule, not just on paper.
24/7 monitoring & support
Systems watched around the clock, with an on-call desk that actually answers when it matters.
Data protection aligned
Practices aligned to the Ghana Data Protection Act and GDPR principles, wherever your data lives.
Defense in depth, not a single point of failure.
No single control carries the whole promise. Network, application, access and data each get their own layer, so one gap doesn't become a breach.
0
%Customer data encrypted at rest and in transit, no exceptions
0
hTarget time to triage a verified vulnerability report
The same protection, across every product.
Whether you run StoreQuode on one till or FoodQuode across a dozen branches, your data is handled the same way, encrypted, access-controlled, backed up, and never sold or shared with third parties.
Request our Data Processing AgreementFound a vulnerability? Tell us first.
We'd rather hear it from a researcher than read it in a headline. Every verified report gets a real response, on a clock we hold ourselves to.
security@exquode.com- Acknowledged within 24 hours, every time
- Triaged and severity-assessed within 48 hours
- Fixes prioritised by real-world impact, not PR
- Credit given to reporters where it's wanted
Questions worth asking us.
If it's not here, ask directly, security questions get answered by a person, not a script.
Talk to usNeed a hand?
Open a ticket or talk to support.