Privacy by Design (PbD)
Quenza has been designed according to the latest Privacy By Design standards in order to secure all data and ensure the privacy of you and your clients.
Privacy by design (PbD) is an approach to systems engineering that seeks to ensure protection for the privacy of individuals by integrating considerations of privacy issues from the very beginning of the development of products, services, business practices, and physical infrastructures.de La Torre, 2019 | Source
Besides the technical features and security of the app itself, we try to take responsibility for Quenza users to take responsibility by:
- requiring a strong password to be set
- stimulating the use of a personal PIN code, offering an extra layer of security
- automatically locking or logging out users after 30 minutes of inactivity
GDPR, HIPAA & CCPA
Because Quenza is an international application with users from all around the world, our legal team was challenged with the task of making sure Quenza is compliant with all privacy legislation.
To tackle this challenge, we have chosen to ensure we are compliant with the strictest possible sets of privacy legislation around the world, namely the GDPR (General Data Protection Regulation), the HIPAA (Health Insurance Portability and Accountability Act), and the CCPA (California Consumer Privacy Act).
For GDPR-compliance, we have chosen to comply specifically with German privacy legislation because they are the strictest in all of Europe. For this reason, data is stored in Frankfurt and Nuremberg, Germany with industry-leading AES-256 encryption.
What about Canada’s PIPEDA/PIPA laws?
We have found no specific laws or regulations in the Canadian PIPEDA (Personal Information Protection and Electronic Documents Act) that has not already been covered in the GDPR, HIPAA, or CCPA, especially in terms of technical implications for the application.
Example of Privacy Settings for Users
Quenza’s end users (clients) are in charge of their own data. They have the so-called ‘right to be forgotten’ and can request deletion of their data at their own convenience and, in some cases, delete it outright.
Users can also request and or download a complete portfolio in PDF-format containing all of their data and request their professional to delete said data.
Business Associate Agreement (BAA)
Should you require a BAA, please read the instructions in this article.