Security
Last updated on May 28, 2025
Organizational security
Infrastructure Security
We use Heroku and Ngrok to establish secure hosting bridges between Shopify and AWS. This setup is crucial for our staging and production processes, ensuring that our platform remains robust against security threats.
- Security Measures: Both Heroku and Ngrok are selected for their commitment to security, providing features such as encrypted data transmission, secure data processing environments, and compliance with industry-standard security certifications. These measures are part of our layered security strategy to protect against data breaches and cyber threats.
- Heroku and Ngrok’s Role: By integrating Heroku and Ngrok into our platform, we enhance our ability to securely manage and scale our product development. These services enable us to maintain high-security standards for our data hosting and processing activities, ensuring that our user data is protected throughout our infrastructure.
Cloud Security
Secure Cloud Infrastructure
Quoli leverages Amazon Web Services (AWS) for hosting all of our services. AWS maintains a comprehensive security program, including numerous certifications, to ensure the highest levels of security. For detailed insights into the security measures and protocols AWS implements, please visit AWS Security.
Data Hosting and Protection
Our data resides exclusively on AWS databases, all of which are situated within the United States, adhering to stringent security standards. For more specifics on the security practices, refer to the vendor documentation provided in the link above.
Data Encryption Standards
- Encryption at Rest: We ensure that all databases storing sensitive information are encrypted at rest, safeguarding your data against unauthorized access.
- Encryption in Transit: Communication with our applications is secured through TLS/SSL encryption, protecting data as it moves across the internet.
Proactive Security Measures
- Vulnerability Scanning: Quoli conducts regular vulnerability scans and actively monitors for any potential threats to maintain a secure environment.
- Logging and Monitoring: Our team continuously logs and monitors cloud services to detect and respond to security incidents promptly.
Ensuring Business Continuity
- Backup and Recovery: We utilize Mongo's backup solutions to minimize the risk of data loss from hardware failures, ensuring that our services remain available and reliable. Monitoring for Resilience: Our monitoring systems are designed to immediately alert our team to any issues, enabling swift action to prevent or minimize user impact.
Incident Management
- Response to Security Incidents: Quoli has established a comprehensive incident response protocol. This includes steps for escalation, quick mitigation of threats, and transparent communication with stakeholders.
Quoli is committed to maintaining the highest standards of cloud security, ensuring that our infrastructure and your data are protected through advanced technologies and rigorous protocols.
Access Management and Security Protocols
Seamless Integration with Shopify OAuth
At Quoli, ensuring secure and efficient access to our cloud infrastructure and sensitive tools is our top priority. We exclusively use Shopify OAuth for all authentication processes. This streamlined approach eliminates traditional permissions and passwords, providing a secure, efficient, and simplified access management system that is fully integrated with
Shopify’s robust security framework.
Adhering to the Principle of Least Privilege
Quoli is committed to best security practices, including the principle of least privilege. This means access is meticulously managed to ensure team members have only the necessary permissions to fulfill their roles, all facilitated through Shopify OAuth. This minimizes potential security risks and enhances our platform’s integrity.
Regular Access Audits
To further safeguard our systems and data, Quoli conducts thorough quarterly reviews of access privileges. During these audits, we assess and adjust the access rights within our Shopify OAuth framework to ensure they remain aligned with individual roles and responsibilities, maintaining a secure and efficient operational environment.
Optimizing Security Without Traditional Passwords
Given our reliance on Shopify OAuth for authentication, the conventional password policies do not apply to the majority of our operations. This reliance on Shopify’s OAuth technology allows us to benefit from their advanced security measures, including secure token-based authentication, which significantly reduces the risks associated with
password management.
password management.
Leveraging Shopify's Security Measures
By integrating with Shopify OAuth, Quoli benefits from Shopify’s cutting-edge security protocols. This integration ensures that our team and our users enjoy a secure, reliable, and user-friendly experience without the complications of managing and remembering multiple passwords or undergoing additional security checks like SSO and 2FA.
Quoli is dedicated to maintaining a secure, accessible, and efficient platform. Through our exclusive use of Shopify OAuth for authentication, we ensure that our infrastructure remains protected, while also providing a seamless experience for our team members and users alike.
Vendor and Risk Management
Annual Risk Assessments
Quoli conducts annual risk assessments to proactively identify and address potential threats, with a particular focus on fraud prevention. These comprehensive evaluations ensure our operations remain secure and resilient.
Vendor Risk Management
Before onboarding new vendors, Quoli rigorously assesses vendor risk. This evaluation process is crucial to ensuring that all vendors meet our strict security and reliability standards, safeguarding our operations and data integrity.
Contact Us
If you have any questions, comments or concerns or if you wish to report a potential security issue, please contact support@quoli.io.
