QSNAPP
Updated 9/26/2025

Compliance

How QSNAPP aligns with applicable laws and industry standards while enabling your practice.

Overview

QSNAPP takes a practical, risk‑based approach to compliance. We map our controls to relevant legal requirements and frameworks, maintain documentation, and continuously improve.

  • Lawful Basis: We document purposes and legal bases for processing.
  • Data Minimisation: We collect the minimum personal data required.
  • Accountability: We maintain records, policies, and training.

Regulatory Alignment

We align our privacy and security practices with widely adopted principles from regulations like POPIA (South Africa) and GDPR (EU), focusing on transparency, purpose limitation, security, and data subject rights.

Data Protection Commitments

  • Privacy by design and default in product decisions.
  • Encryption in transit and at rest; hardening and monitoring.
  • Role‑based access control and least‑privilege administration.

Vendor & Processor Management

We evaluate sub‑processors for security posture and contractual safeguards. Data processing agreements and standard contractual clauses are used where applicable.

Risk Management

We track risks in a register, prioritise mitigations, and review controls periodically. Changes to architecture or vendors trigger risk reviews.

Audit & Logging

Application and infrastructure logs support troubleshooting and security investigations. Access to logs is controlled, and logs are retained for a defined period.

Record of Processing

We maintain a lightweight Record of Processing Activities (RoPA) describing purposes, categories, recipients, retention, and safeguards for personal data.

Data Subject Requests

Requests to access, correct, delete, or export personal data can be submitted to hello@qsnapp.com. We verify identity and respond within reasonable timeframes.

Data Residency & Transfers

Personal data may be processed in other jurisdictions by vetted providers with appropriate safeguards, such as standard contractual clauses.

Retention & Deletion

We retain personal data only as long as necessary for the stated purposes or as required by law, then securely delete or anonymise it.

Policy Governance

Policies are reviewed periodically and updated as our product and regulatory environment evolve. The latest version is always available on this page.

Compliance questions?

We’re happy to help with DPA, vendors, and data handling.