Security

How we protect your data

Bank-Level Security

DocuQuire uses industry-standard security measures to protect your sensitive mortgage documents and personal information. We implement multiple layers of security to ensure your data remains safe and confidential.

Encryption

Data in Transit

All data transfers between your device and our servers are protected using 256-bit TLS encryption. This is the same level of encryption used by banks and financial institutions.

Data at Rest

All documents stored on our servers are encrypted using AES-256 encryption. Documents are stored in Backblaze B2 cloud storage with server-side encryption (SSE-B2), ensuring your files remain encrypted even when stored.

Data Residency

All data is stored in Canada (Toronto) to ensure compliance with Canadian data residency requirements and PIPEDA regulations. Your data never leaves Canadian borders.

Access Controls

  • Secure Authentication: Password hashing with bcrypt and protected API routes
  • Presigned URLs: Documents are accessed via secure, time-limited presigned URLs (valid for 7 days) - no public file access
  • Role-Based Access: Users can only access documents they are authorized to view
  • API Security: All API routes are protected with authentication middleware

Automatic Document Deletion

Documents are automatically deleted after 90 days to minimize data retention and reduce security risks. This ensures that sensitive information is not stored longer than necessary.

Compliance

PIPEDA Compliant

DocuQuire is fully compliant with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal privacy law. We follow all requirements for the collection, use, and disclosure of personal information.

Security Audits

We conduct regular security audits and vulnerability assessments to identify and address potential security issues. Our infrastructure is continuously monitored for threats and anomalies.

Infrastructure Security

  • Secure cloud infrastructure with industry-leading providers
  • Regular security patches and updates
  • DDoS protection and network security measures
  • Secure payment processing through Stripe (PCI DSS compliant)

Your Responsibility

While we implement robust security measures, you also play a role in protecting your account:

  • Use a strong, unique password
  • Never share your account credentials
  • Log out when using shared devices
  • Report any suspicious activity immediately

Questions About Security?

If you have questions about our security practices or need to report a security concern, please contact us: