Security & Compliance
Built with security and privacy by design. POPIA-compliant from day one.
Security Architecture
Encryption Everywhere
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Sensitive fields use additional column-level encryption.
Row-Level Security
Postgres RLS policies ensure multi-tenant data isolation. Each department can access only its own data.
Audit Logging
Comprehensive audit trails for all data access, modifications, and administrative actions.
Access Controls
Role-based access control (RBAC) with principle of least privilege. MFA available for admin accounts.
POPIA Compliance
Data Minimization
We collect only the minimum personal information required to provide the booking service: phone number or SA ID for verification, appointment details, and optional name for service delivery.
Purpose Specification
Personal information is used solely for appointment booking, verification, and service delivery. We do not share data with third parties except as required for service delivery (e.g., SMS providers).
Data Retention
Configurable retention policies per department. Personal data can be automatically anonymized or deleted after a specified period (typically 90 days post-appointment).
Consent Management
Clear consent capture during booking. Citizens are informed about data usage, retention, and their rights. Audit trail of all consent events.
Data Subject Rights
Citizens can request access, correction, or deletion of their personal information through department contact points. We provide tools for departments to fulfill these requests.
Security Certifications & Audits
Regular Security Assessments
NoQue undergoes regular security audits and penetration testing by independent third-party security firms. We maintain documentation of all findings and remediation actions.
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities.
Contact: security@noque.co.za