
Security Framework

Enterprise-grade protection for your digital assets

Security-First Architecture

At Qoney, security is not an afterthought—it's the foundation of everything we build. Our multi-layered security architecture combines cutting-edge encryption, blockchain immutability, AI-powered threat detection, and rigorous compliance frameworks to protect your assets and data.

Operated by Global Mutual Funds Pty Ltd (ABN 20090555436), we adhere to Australian financial services regulations and international security standards.

Comprehensive Security Layers

AES-256 Encryption

Military-grade encryption for data at rest and TLS 1.3 for data in transit

  • All sensitive data encrypted with AES-256-GCM
  • TLS 1.3 with perfect forward secrecy
  • Hardware security modules (HSM) for key management
  • End-to-end encryption for communications

Multi-Factor Authentication

Comprehensive identity verification with multiple authentication layers

  • Time-based one-time passwords (TOTP)
  • Biometric authentication support
  • Hardware security key compatibility (FIDO2)
  • IP allowlisting and geographic restrictions

Blockchain Security

Leveraging XRP Ledger's enterprise-grade distributed consensus

  • Immutable transaction records on XRPL
  • Multi-signature wallet architecture
  • Cold storage for the majority of digital assets
  • Real-time blockchain monitoring and validation

Continuous Monitoring

24/7 security operations center with real-time threat detection

  • AI-powered anomaly detection
  • Real-time intrusion detection systems (IDS)
  • Security Information and Event Management (SIEM)
  • Automated incident response protocols

Circuit Breaker Protection

Automated failsafes to prevent system failures and security breaches

  • Rate limiting and DDoS protection
  • Automatic transaction suspension on anomalies
  • Circuit breakers for API and system endpoints
  • Graceful degradation under attack

Infrastructure Security

Enterprise-grade cloud infrastructure with redundancy and isolation

  • Geo-distributed infrastructure with failover
  • Network segmentation and microsegmentation
  • Virtual Private Cloud (VPC) isolation
  • Regular infrastructure penetration testing

Access Control & Identity Management

Role-Based Access Control (RBAC)

  • Granular permission management with principle of least privilege
  • Segregation of duties for critical operations
  • Automated access reviews and recertification
  • Time-based and context-aware access policies

Session Management

  • Secure session tokens with automatic expiration
  • Concurrent session limiting and device tracking
  • Idle timeout with automatic logout
  • Activity logging and suspicious behavior detection

Data Protection & Privacy

Data Encryption

All sensitive data is encrypted using industry-leading standards:

  • At Rest: AES-256-GCM encryption with secure key rotation
  • In Transit: TLS 1.3 with certificate pinning
  • In Use: Secure enclaves for sensitive operations
  • Backups: Encrypted backups with geo-redundancy

Data Minimization

We collect only the data necessary for service delivery and compliance. Personal information is pseudonymized where possible, and we implement strict data retention policies aligned with regulatory requirements.

Privacy-by-Design

Our platform architecture embeds privacy controls at every layer, from database design to API endpoints, ensuring compliance with GDPR, Australian Privacy Act, and other data protection regulations.

Threat Detection & Response

Detection

  • AI-powered anomaly detection
  • Behavioral analytics
  • Real-time threat intelligence
  • Transaction pattern analysis

Prevention

  • DDoS mitigation
  • Web application firewall (WAF)
  • Rate limiting & throttling
  • IP reputation filtering

Response

  • Automated incident response
  • Security incident escalation
  • Forensic analysis & reporting
  • User notification protocols

24/7 Security Operations Center (SOC)

Our dedicated security team monitors all systems around the clock, with mean-time-to-detect (MTTD) under 15 minutes and mean-time-to-respond (MTTR) under 1 hour for critical incidents.

Compliance & Certifications

We maintain certifications and compliance with leading security frameworks and regulatory requirements:

  • ISO 27001: Information Security Management System
  • SOC 2 Type II: Security, Availability, and Confidentiality
  • PCI DSS: Payment Card Industry Data Security Standard
  • GDPR: General Data Protection Regulation
  • Australian Privacy Act: Australian Privacy Principles (APPs)
  • AUSTRAC: Anti-Money Laundering and Counter-Terrorism Financing

Security Audits & Testing

We maintain the highest security standards through rigorous testing and independent audits:

  • Annual third-party security audits
  • Quarterly penetration testing by certified ethical hackers
  • Continuous vulnerability scanning and remediation
  • Bug bounty program for responsible disclosure
  • Regular code reviews and static analysis
  • Disaster recovery and business continuity testing

Incident Response Plan

In the unlikely event of a security incident, we follow a comprehensive incident response plan:

  1. Detection: Immediate identification and classification
  2. Containment: Isolate affected systems and prevent spread
  3. Eradication: Remove threat and vulnerabilities
  4. Recovery: Restore operations and notify users

Security Contact

If you discover a security vulnerability or have security-related concerns, please contact us immediately:

Security Team

Global Mutual Funds Pty Ltd

ABN: 20090555436

Level 3 Suite 310, 247 Coward Street

Mascot NSW 2020, Australia

Email: [email protected]

Phone: +61 2 8338 8900

Responsible Disclosure

We appreciate responsible disclosure of security vulnerabilities. We commit to acknowledging reports within 24 hours and providing regular updates on remediation progress.

Your Security is Our Priority

Experience institutional-grade protection for your digital assets
