QueueKitOpen app

Security

Built for buyers who ask security questions first.

Data handling

QueueKit stores queue entries, staff actions, and audit logs needed to operate institutional service desks.

Encryption

Production deployments use TLS in transit and managed Postgres encryption at rest through the hosting provider.

Authentication

Admin and staff access uses verified email accounts, secure HTTP-only sessions, and organization-scoped authorization.

Audit logging

Management mutations and queue service events are written as durable history for review and analytics.

Incident response

Security disclosures should be sent to security@queuekit.name.ng. Incident process documentation is being formalized.

Compliance posture

QueueKit is not SOC 2 certified today. The product is being built toward procurement-grade controls.

Subprocessors

Resend, Render, Vercel, Neon, and Upstash. Customer phone numbers are intended to be anonymized after 30 days, data is not sold, and deletion requests are treated seriously.