top of page

How We Protect Your Data

Security isn’t a feature — it’s infrastructure.

At QTTS, your privacy isn’t just a checkbox — it’s a mission. With data breaches making headlines more often than tax deadlines, we believe real security starts with discipline, redundancy, and planning for failure.

🔒 Only 17% of small businesses encrypt their data, and 51% have no cybersecurity measures at all.
— ExplodingTopics.com, 2023

Let’s just say… we’re not “most businesses.”

The founder of QTTS managed a computer forensics lab at the CRA — yes, that CRA. With a decade of experience investigating data breaches, insider threats, and digital evidence, we’ve seen firsthand what poor security practices look like — and what they cost.

That’s why everything at QTTS is built from the ground up to be secure, encrypted, and recoverable.

🔹 How We Store Your Data

 

Local. Encrypted. Redundant.

We do not rely on permanent cloud storage for client records. Instead, your data is stored locally on secure, encrypted systems maintained by QTTS.

Your data is stored on a secure Network Attached Storage (NAS) system. Here’s what that means:

 

Redundant Storage

Our storage systems use mirrored drives. If one drive fails, the data remains available on the second drive. Once the failed drive is replaced, the system rebuilds automatically.

Full-Disk Encryption

Every drive is encrypted using BitLocker encryption — including the NAS and workstation drives.

 

Local Control

Client data is stored on systems physically controlled and maintained by QTTS, not on shared public storage environments.

🔹 Redundancy & Backup Strategy

 

Built for Recovery — Not Just Storage

 

Protecting your data isn’t just about saving files — it’s about being able to recover them quickly and reliably.

QTTS uses a layered backup strategy designed to protect against:

  • Hardware failure

  • Accidental deletion

  • Ransomware or data corruption

  • System failure

  • Physical disaster

Our backup system follows a professional Grandfather–Father–Son (GFS) rotation model.

Daily Backups (Son)

Incremental backups are created automatically each day to capture recent changes to client data.

 

Weekly Backups (Father)

A full system backup is performed weekly to create stable restore points.

 

Monthly Backups (Grandfather)

Long-term backup snapshots are retained to protect against delayed corruption or the need to recover historical data.

 

Mirrored Backup Storage

All backups are stored on a secure Network Attached Storage (NAS) system configured with mirrored drives.

This means that backup data itself is protected against hardware failure — just like the primary client data stored on our systems.

 

Offline Backup Copies

In addition to the primary backup system, we maintain separate encrypted offline backups stored in a secure location.

These backups are:

  • BitLocker encrypted

  • Isolated from the network

  • Protected against ransomware

  • Stored in a fireproof and waterproof safe

 

This offline copy ensures that your data can still be recovered even in worst-case scenarios.

 

Backup Monitoring and Recovery Testing

Backups are monitored regularly and recovery procedures are tested periodically to ensure that data can be restored quickly and reliably when needed.

🔹 Secure File Transfer & Access

 

Encrypted. Temporary. Controlled.

When files must be transmitted, we use secure Canadian-based platforms with strong encryption and strict access controls.

For document exchange, QTTS uses Sync.com, a privacy-focused service based in Canada.

 

This means:

  • Files are encrypted during transfer and storage

  • Access links expire automatically

  • Access is restricted to authorized users only

  • Documents are not left accessible indefinitely

 

Once your return is finalized, you receive temporary access to your documents. Access expires automatically after a defined period.

No lingering files.
No permanent exposure.
No shortcuts.

🔹 Data Retention & Hardware Disposal

 

Secure From Start to Finish

When storage devices reach the end of their service life, they are not discarded casually.

 

They are:

  • Clearly labeled

  • Tracked in a retention schedule

  • Stored securely

  • Wiped or destroyed according to secure data disposal procedures

 

Client records are retained only as long as required by law.

🔹 Why This Matters

🧯 54% of companies store financial records in the public cloud, and many do not disclose data breaches to their clients.
— ExplodingTopics & ScienceDirect

That’s concerning — and unfortunately common in the industry.

 

At QTTS, we choose to:

  • Maintain direct control over client data

  • Encrypt all storage systems

  • Use layered backup strategies

  • Maintain offline recovery capability

  • Plan for failure before it happens

 

We don’t gamble with your privacy.

 

That’s our promise.

📎 Sources:

bottom of page