Trust Center

Security, privacy, and compliance information

GDPR (EU 2016/679) | eIDAS (EU 910/2014) | ETSI EN 319 Series | RFC 3161 Timestamping | UN Human Rights Framework | EU Digital Building Blocks | NIST 800-63B (Digital Identity)
Our Commitment to Security
DQMS is built with security-first principles and adheres to European and international standards for data protection, digital identity management, and electronic trust services. We implement GDPR Regulation (EU 2016/679), eIDAS Regulation (EU 910/2014), and ETSI EN 319 electronic signature standards.
Product Security
  • QTSP digital signatures (eIDAS qualified)
  • RFC 3161 timestamping for document integrity
  • Environment-based document watermarking
  • PII field locking after document issuance
  • Secure development lifecycle (SDLC)
  • Automated container and code security scanning
  • Quality gates enforced before every deployment
Data Security
  • AES-256-GCM authenticated encryption at rest
  • TLS 1.3 encryption in transit
  • Field-level PII encryption with key versioning and rotation
  • Automated malware scanning with quarantine on all uploads
  • NIST-compliant password storage (FIPS 140-2)
  • Data retention policies (7-year / 1-year)
  • Automatic data backup with encryption
Access Control
  • Role-based access control (RBAC)
  • TOTP multi-factor authentication with backup codes
  • NIST 800-63B brute-force protection (exponential lockout)
  • Token revocation on logout and password change
  • Session management and timeout
  • Comprehensive audit logging
Privacy (GDPR)
  • Right of Access (Art. 15)
  • Right to Rectification (Art. 16)
  • Right to Erasure (Art. 17)
  • Right to Restriction of Processing (Art. 18)
  • Right to Data Portability (Art. 20)
Infrastructure
  • Docker Compose orchestration (staging) with isolated networks; Docker Swarm with overlay networks for production scaling
  • Infrastructure-only network (databases inaccessible from public)
  • TLS termination via Traefik reverse proxy
  • Microservices architecture with health monitoring
  • Automated rolling deployments with rollback
Regulatory Compliance
  • GDPR - Regulation (EU) 2016/679
  • eIDAS - Regulation (EU) 910/2014
  • ETSI EN 319 Electronic Signature Standards
  • UN Human Rights Framework Guidelines
Digital Signatures & Trust Services
eIDAS-compliant electronic signatures and timestamping

Qualified Signatures

QTSP integration supporting AWS KMS, Azure Key Vault, and qualified trust service providers

RFC 3161 Timestamps

Cryptographic timestamps proving document existence at a specific point in time

Document Integrity

SHA-256 hash chain across entire document lifecycle — from ID document upload through AD issuance and contract signing

Document Integrity & Chain-of-Custody
Tamper-evident document lifecycle with cryptographic integrity at every stage

SHA-256 Hash Chain

Six-point hash chain from ID document upload through AD issuance to signed contract — any modification breaks the chain

QR Verification Codes

HMAC-SHA256 protected QR codes on every AD document with constant-time comparison to prevent timing attacks

Audit Trail Tables

Five dedicated audit tables tracking registration status, AD lifecycle, contract history, bulk operations, and global actions

Environment Watermarking

Non-production documents always watermarked; production documents are clean and legally binding by default

EU Digital Building Blocks Alignment
Alignment with the European Commission's Digital Building Blocks for cross-border interoperability

eSignature

eIDAS-compliant qualified signatures via QTSP, PAdES-B-T format, RFC 3161 timestamping, and ETSI EN 319 conformance

EUDI Wallet

Planned: Accept Person Identification Data (PID) via OpenID4VP and issue DA Particulares as Qualified Electronic Attestations of Attributes (QEAAs)

eDelivery

Planned: AS4 2.0 secure cross-border document delivery with digitally signed acknowledgement of receipt

EBSI

Planned: Verifiable Credentials on European Blockchain Services Infrastructure with Trusted Issuer Registry registration

Incident Response
Our security team is available to respond to security incidents

Detection

Real User Monitoring, audit logging, and service health checks

Response

Rapid incident response with circuit breakers and automated rollback

Communication

Transparent disclosure to affected parties per GDPR Art. 33-34

Security Contact
Have a security concern or want to report a vulnerability?

If you discover a security vulnerability, please report it responsibly. We appreciate your help in keeping our platform and users safe.

Last updated: March 2026

Powered by Stargue