Security & Trust

Security and governance, built into the foundation.

The controls your security team expects aren't add-ons — they're how Q-Base is built. Encryption, identity, isolation and auditability are part of the architecture, not an afterthought.

Talk to security Request documentation
SOC 2 TYPE IIGDPRISO 27001SSO / SAMLRBACAES-256
How we protect you

Six layers of protection, by default.

Encryption everywhere

Data encrypted in transit (TLS 1.2+) and at rest with AES-256. Secrets and API keys held in isolated vaults.

Identity & access

SSO, SAML, and granular role-based access down to the field level, across every entity you operate.

Full audit trail

Every action — by every user and every AI agent — logged immutably and exportable for compliance review.

AI guardrails

Policy controls, PII redaction, and provider routing keep AI usage governed, observable and auditable.

Data residency

Choose where your data lives, with multi-region isolation tuned to local regulation and your policies.

99.9% uptime SLA

Redundant, monitored infrastructure with sub-120ms orchestration latency at production scale.

How we handle your data

Your data is yours — governed, isolated, exportable.

Q-Base is the infrastructure layer that turns AI into governed business operations. We never train foundation models on your data, and you can export everything, anytime.

  • Your data is never used to train third-party models.
  • Tenant isolation with least-privilege access by default.
  • Smart routing across providers — no vendor lock-in.
  • Full export of your data and audit logs on request.
security · live posture
Encryption at restAES-256
SSO / SAMLenforced
Audit logging100% · immutable
Data regionUS · IN · SG · EU
SOC 2 Type IIcurrent
Security FAQ

What security teams ask us.

Are you SOC 2 compliant? +
Yes — Q-Base maintains a current SOC 2 Type II report, available under NDA. We also align to ISO 27001 and GDPR requirements.
Do you train AI models on our data? +
No. Your data is never used to train foundation models. Q-Base routes requests across providers under strict data-handling agreements, with PII redaction and policy controls.
Where is our data stored? +
You choose your data region — the US, India, Singapore or Europe — with multi-region isolation tuned to local regulation.
How do you handle access control? +
SSO and SAML for authentication, with field-level role-based access control and multi-entity separation across your organisation.
Can we get an audit log export? +
Yes. Every action by every user and agent is logged immutably and can be exported at any time for compliance review.

Bring your security team.

We'll share our SOC 2 report, architecture overview, and answer your security questionnaire.

Talk to security connect@quantabase.ai