Trust and Security

Your Code, Your Control

Quorium is built for teams that treat source code as critical intellectual property. We run zero-retention analysis with enterprise-grade security controls so your code is analyzed, reported, and permanently deleted.

Data Flow and Lifecycle

1

Upload

Source code is transmitted over TLS 1.3 with strict transport security.

Encrypted TLS 1.3

2

Analysis

Code is processed in isolated AI pipelines with scoped execution boundaries.

Isolated AI pipeline

3

Report Generated

We retain findings, scores, and recommendations in your audit report.

Findings only retained

4

Deletion

All uploaded source is permanently deleted immediately after processing.

Code permanently deleted

Zero Retention Policy

Quorium does not retain your uploaded source code. Analysis runs, the report is generated, and source code is immediately and permanently deleted from processing systems. We keep the report output only: findings, risk scores, and recommendations.

No source code backups
No source code archives
No source code reuse

AI Provider Data Policies

Quorium integrates with enterprise API tiers, not consumer chatbot products. For these enterprise APIs, provider policy defaults state API data is not used for model training unless explicitly enabled.

🔒

Enterprise-Grade AI Providers

All AI providers used by Quorium operate under enterprise API agreements where customer data is never used for model training.

View their data policy →
🚫

Zero Training Guarantee

Your code and project descriptions are processed via enterprise API tiers that contractually prohibit the use of inputs for model training or improvement.

View their data policy →
🗑️

Immediate Deletion

Source code is deleted from our servers immediately after analysis. Only the final report is retained for your access.

View their data policy →

Encryption and Infrastructure

TLS 1.3 in Transit

All uploads and report delivery channels are encrypted end-to-end.

Encryption at Rest

Ephemeral processing storage remains encrypted while analysis is active.

No Source in Logs

Operational logs contain metadata only. Source code content is excluded.

Deletion Audit Trail

Every analysis includes traceable deletion timestamps for governance review.

Isolated Environments

Each job runs in segmented processing environments with strict isolation.

Compliance Roadmap

Current: Zero-Retention Source Handling

Live

Source code is deleted immediately after report generation. Reports retain findings only.

Current: Enterprise API Model Providers

Live

Quorium uses enterprise API tiers, not consumer chatbot tiers, for provider controls.

SOC 2 Type II

In progress

Formal controls and evidence collection are underway for SOC 2 Type II certification.

Self-Hosted Deployment Option

Planned

Planned for teams requiring fully isolated deployment in their own infrastructure.

Bug Bounty Program

Planned

Planned coordinated disclosure and bounty process for external security researchers.

Questions about security?

Contact our security team at [email protected] for architecture reviews, questionnaires, and technical due diligence.

Start an analysis