Requio
Last updated: 17 March 2025

Security

Requio is built with security at its core. This page describes how we protect your data and maintain the integrity of our platform.

Overview

  • Requio Ltd takes the security of your data seriously. This page outlines the technical and organisational measures we implement to protect the Requio platform and your information.

Encryption

  • Data in transit: All traffic between your browser and our services is encrypted using TLS 1.2 or higher. We enforce HTTPS for all connections.
  • Data at rest: Customer data stored in our systems is encrypted at rest using industry-standard encryption (AES-256).
  • File storage: Documents and attachments uploaded to Requio are stored in encrypted form in our cloud storage.

Authentication and Access Controls

  • User authentication: Access to the platform requires secure login with email and password. Passwords are hashed using industry-standard algorithms and are never stored in plain text.
  • Session management: Sessions are managed securely with appropriate timeouts. Users can be required to re-authenticate for sensitive operations.
  • Role-based access: Access to projects, DRPs, and features is controlled by role-based permissions (Lead BA, BA, Product Owner, External). Users only see data they are authorised to access.
  • Multi-tenancy: Tenant isolation ensures that data from one organisation is never accessible to another.

Data Handling

  • We process and store data only as necessary to provide the Services and as described in our Privacy Policy.
  • Customer data is logically segregated by tenant. Access to production data is restricted to authorised personnel and only for operational or support purposes.
  • We retain data in accordance with our data retention policy and applicable legal requirements. Deleted data is purged in a secure manner.

Infrastructure Security

  • Hosting: Requio is hosted on AWS (Amazon Web Services), which provides enterprise-grade security, compliance certifications, and physical security for data centres.
  • Network security: Our infrastructure is protected by firewalls, network segmentation, and intrusion detection measures.
  • Updates and patching: We apply security updates and patches to our systems in a timely manner.
  • Monitoring: We monitor our systems for suspicious activity and maintain logs for security and audit purposes.

Compliance

  • We design our systems and processes with data protection in mind, including alignment with UK GDPR and EU GDPR principles.
  • We work with customers to support their compliance requirements. For specific compliance questions or documentation requests, please contact us at contact@requio.co.uk.

Incident Response

  • We maintain procedures to detect, assess, and respond to security incidents. In the event of a data breach affecting your data, we will notify affected parties and relevant authorities as required by law.

Your Responsibilities

  • You are responsible for maintaining the security of your account credentials and for the actions of users you invite to the platform.
  • You should use strong passwords and avoid sharing login details. Report any suspected security issues to contact@requio.co.uk.