Quorient

Security

Last updated: 1 July 2026

Security is built into every layer of Quorient’s infrastructure. Here is an overview of the measures we take to protect your business data.

Infrastructure

  • All services run on SOC 2 Type II certified cloud infrastructure.
  • Data is stored in encrypted volumes using AES-256 at rest.
  • All data in transit is encrypted using TLS 1.2 or higher.
  • Production environments are isolated from development and staging.

Access control

  • Role-based access control (RBAC) is enforced across all internal systems.
  • Quorient employees access production systems via multi-factor authentication (MFA).
  • Access to Customer Data is restricted to personnel who require it to perform their job.
  • All internal access is logged and auditable.

Application security

  • We follow OWASP secure development guidelines.
  • Dependencies are monitored for known vulnerabilities and patched promptly.
  • We conduct regular internal security reviews and penetration testing.
  • Authentication tokens are short-lived and rotated automatically.

Data handling

  • Customer Data is never used to train AI models without explicit written consent.
  • Data is logically separated between customers — no cross-tenant access is possible.
  • Backups are encrypted and tested regularly.
  • Data deletion requests are fulfilled within 90 days of account closure.

Incident response

We maintain a documented incident response plan. In the event of a security incident that affects your data, we will notify you within 72 hours of becoming aware of it, as required by applicable data protection law.

Responsible disclosure

If you discover a potential security vulnerability in our systems, please report it to us at security@quorient.io. We ask that you give us a reasonable period to investigate and address the issue before public disclosure. We do not pursue legal action against researchers who act in good faith.

Questions

For any security-related questions, contact security@quorient.io.