Security

Security is built into every layer of OpesQ. We take the protection of your data seriously and apply industry-standard safeguards across our entire platform.

All data is encrypted in transit and at rest. Every connection to OpesQ uses HTTPS with TLS 1.2 or higher. There are no exceptions.

Passwords are securely hashed and never stored in plaintext. Role-based access control ensures users only see data relevant to their role. Business administrators control what staff can access. Passport holders control what employers can see.

API access is authenticated using signed tokens with automatic expiry.

Each business on OpesQ operates in a fully isolated environment. Strict data separation is enforced at the database level. One customer cannot access another customer's data under any circumstances.

All customer data is stored within the UK/EU. We do not store customer data outside of these regions.

Automated backups run daily with point-in-time recovery available. Backups are encrypted and stored in the same region as the primary data.

We monitor platform health, error rates, and access patterns continuously. Anomalous activity triggers automated alerts.

In the event of a security incident, we follow a documented response process: contain, investigate, remediate, notify. Affected customers are notified within 72 hours in line with UK GDPR requirements.

OpesQ follows secure development practices including input validation, parameterised queries, output encoding, and CSRF protection. Security headers are applied to all responses.

If you discover a security vulnerability in OpesQ, please report it to hello@opesq.com. We take all reports seriously and will respond within 2 working days.

We ask that you do not publicly disclose the vulnerability until we have had a reasonable opportunity to investigate and remediate.

For security or data protection enquiries, contact hello@opesq.com.