Security

Security at XQworkflow.

XQworkflow is used by compliance and operations teams in healthcare, manufacturing, life sciences, financial services, and other regulated industries. Security is not a feature; it is a design constraint. This page describes how we currently protect the platform, the data it processes, and the workflows it powers.

Encryption in transit

All traffic to XQworkflow is served over HTTPS with modern TLS, fronted by Cloudflare. HTTP requests are 301-redirected to HTTPS at the edge.

Hardened HTTP responses

Every response carries strict security headers: X-Content-Type-Options: nosniff, X-Frame-Options: DENY, and Referrer-Policy: strict-origin-when-cross-origin. These headers instruct browsers to refuse MIME sniffing and framing, so click-jacking and content-sniffing attacks are blocked at the response layer.
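A reviewer can check the redirect and header claims above against a captured response. The following is an added example, not XQworkflow's own code; the function names, the sample responses, and the host app.example.test are assumptions made for illustration.

```python
# Added example (hypothetical names): audit a raw HTTP response head against the headers this page lists.
EXPECTED = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "deny",
    "referrer-policy": "strict-origin-when-cross-origin",
}

def parse_head(raw):
    """Return (status_code, {lowercased name: [values]}) from a raw response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers

def audit_headers(raw):
    """List findings for missing, wrong, or conflicting security headers."""
    _, headers = parse_head(raw)
    findings = []
    for name, want in EXPECTED.items():
        values = {v.lower() for v in headers.get(name, [])}
        if not values:
            findings.append(f"{name}: missing")
        elif values != {want}:  # wrong value, or duplicates that disagree
            findings.append(f"{name}: expected {want!r}, got {sorted(values)}")
    return findings

def audit_redirect(raw):
    """Check that a plain-HTTP response is a 301 pointing at an https:// URL."""
    status, headers = parse_head(raw)
    location = headers.get("location", [""])[0]
    if status != 301:
        return f"status {status}, expected 301"
    if not location.lower().startswith("https://"):
        return f"redirect target is not HTTPS: {location!r}"
    return None

# Constructed sample responses (not captured from the real service).
GOOD = "HTTP/1.1 200 OK\r\nX-Content-Type-Options: nosniff\r\nx-frame-options: DENY\r\nReferrer-Policy: strict-origin-when-cross-origin\r\n\r\n"
BAD = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: unsafe-url\r\n\r\n"
REDIRECT = "HTTP/1.1 301 Moved Permanently\r\nLocation: https://app.example.test/\r\n\r\n"

if __name__ == "__main__":
    print(audit_headers(GOOD), audit_headers(BAD), audit_redirect(REDIRECT))
```

Duplicate headers with different values are reported because browsers do not agree on which copy wins.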

Production hosting

XQworkflow runs on a managed cloud platform behind Cloudflare. Origin servers are not exposed publicly; all traffic flows through the CDN with HTTP/2 and HTTP/3 support and DDoS protection.

Authentication and SSO

Customer accounts are protected by individual credentials. Single sign-on via your identity provider is available on our Enterprise plan for centralized access control and offboarding.

Role-based access control

Workflow visibility, approval rights, and audit-trail access are scoped by role. Frontline operators, supervisors, and compliance leaders see what they need — and only what they need.

Audit-grade logging

Every workflow action — who did what, when, and on which step — is recorded. Logs are tamper-evident and exportable for internal audits, regulatory submissions, and external investigations.

Vendor disclosure

We name our subprocessors.

Many software vendors will not disclose who handles your data. We do. Our privacy policy lists every vendor we use to deliver the platform — including our hosting provider, our email vendor, our scheduling vendor, and our analytics vendor. If you need a current list as a single document for your vendor-management program, ask us and we will send it.

Reporting a vulnerability

If you believe you have found a security issue in XQworkflow, please tell us. We treat responsible disclosure as a partnership — not a confrontation.

We follow RFC 9116 for security contact discovery and aim to acknowledge reports within one business day.

Roadmap

Continuous improvement, not a static badge.

Security and compliance posture is a moving target. We are committed to industry-standard certifications and continuous improvement of how we build, ship, and operate XQworkflow. Specific attestations and assessments evolve over time and are governed by customer agreements rather than marketing pages.

If you are evaluating XQworkflow as part of a procurement process and need our current security posture, vendor risk questionnaire, or specific certification status, please contact us and we will share the relevant documentation under a mutual NDA.

Have a security question?
Talk to a real person.
Procurement teams, security reviewers, and CISOs are welcome. We will route you to someone who can answer specifics — not a generic intake form.