Design principles
1. Zero trust the server
Enclave is architected assuming the server is compromised. Files are encrypted on the client with keys the server never holds. A server breach exposes only ciphertext.
2. Cryptographic enforcement over policy
Access controls are enforced by key material, not only by application-layer policy. A user without the decryption key cannot read a file — even if the access control layer is bypassed.
3. Immutable evidence
The audit log is append-only and cryptographically chained. Historical entries cannot be modified without breaking the chain.
4. Minimal trust surface
Quelden employees cannot access customer data. There is no admin backdoor, no customer support access mode, no internal tooling that decrypts files.
Network security
- All traffic uses TLS 1.3. TLS 1.2 is supported for legacy compatibility but 1.0 and 1.1 are disabled.
- HSTS is enforced with a 1-year max-age and includeSubDomains.
- Certificate pinning is available for mobile and desktop clients.
- API endpoints are rate-limited per user and per IP.
Application security
- All API inputs are validated against strict schemas before processing.
- SQL queries use parameterised statements throughout — no string concatenation.
- File uploads are scanned and their metadata (EXIF, document properties) stripped before encryption.
- Dependency versions are pinned and audited weekly via automated CVE scanning.
Infrastructure security
- Application servers run as non-root containers with read-only filesystems.
- Secrets are injected via environment variables from a secrets manager — never baked into images.
- Database connections use mutual TLS.
- Object storage buckets are private, accessed only via pre-signed URLs generated by the application layer.
Vulnerability disclosure
Quelden operates a responsible disclosure programme. If you discover a security issue:
- Email security@quelden.com with a description and reproduction steps
- We respond within 24 hours and provide a timeline for remediation
- We do not pursue legal action against researchers acting in good faith

