Security
Last updated: 1 July 2026
Security is built into every layer of Quorient’s infrastructure. Here is an overview of the measures we take to protect your business data.
Infrastructure
- All services run on SOC 2 Type II certified cloud infrastructure.
- Data is stored in encrypted volumes using AES-256 at rest.
- All data in transit is encrypted using TLS 1.2 or higher.
- Production environments are isolated from development and staging.
Access control
- Role-based access control (RBAC) is enforced across all internal systems.
- Quorient employees access production systems via multi-factor authentication (MFA).
- Access to Customer Data is restricted to personnel who require it to perform their job.
- All internal access is logged and auditable.
Application security
- We follow OWASP secure development guidelines.
- Dependencies are monitored for known vulnerabilities and patched promptly.
- We conduct regular internal security reviews and penetration testing.
- Authentication tokens are short-lived and rotated automatically.
Data handling
- Customer Data is never used to train AI models without explicit written consent.
- Data is logically separated between customers — no cross-tenant access is possible.
- Backups are encrypted and tested regularly.
- Data deletion requests are fulfilled within 90 days of account closure.
Incident response
We maintain a documented incident response plan. In the event of a security incident that affects your data, we will notify you within 72 hours of becoming aware of it, as required by applicable data protection law.
Responsible disclosure
If you discover a potential security vulnerability in our systems, please report it to us at security@quorient.io. We ask that you give us a reasonable period to investigate and address the issue before public disclosure. We do not pursue legal action against researchers who act in good faith.
Questions
For any security-related questions, contact security@quorient.io.