Enterprise-grade security.
Zero compromise.
QLM is built for organizations that cannot afford data breaches, compliance gaps, or vendor risk.
- 🛡 SOC 2 Type II: via Render's certified infrastructure
- 🏥 HIPAA BAA Available: Enterprise plan
- 🌐 GDPR Compliant: EU data protection
- 🔒 TLS 1.3: encryption in transit
- 🔑 AES-256: encryption at rest
- 📜 Patent Pending
Data Handling
- ✓ Your data is never used to train our models
- ✓ Item banks are isolated per organization
- ✓ Session data retained 90 days, then purged
- ✓ You can delete all your data at any time via API
- ✓ We process data in US-Oregon region only
Security Architecture
- ✓ API authentication via per-org API keys (SHA-256 hashed)
- ✓ Rate limiting per key and per IP
- ✓ Idempotency keys prevent duplicate processing
- ✓ Immutable audit trail for every API call
- ✓ IP allowlisting available for enterprise
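The two mechanisms above that an integrator is most likely to have to reason about are hashed per-org API keys and idempotency keys. The following is an added illustration of how such a design typically fits together; it is not QLM's own code, and the `qlm_` key prefix, the in-memory tables and the audit-entry shapes are assumptions made for the example. Only the SHA-256 digest of a key is stored, the plaintext is returned once at issuance, verification compares digests in constant time, and an idempotency key is scoped to the org that presented it so a replayed request returns the original result without being processed again.

```python
"""Added example (not QLM's code): hashed per-org API keys, constant-time
verification, an audit trail, and per-org idempotency-key deduplication."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional


def hash_api_key(raw_key: str) -> str:
    """Hex SHA-256 digest of a raw key; this is the only form ever stored."""
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


@dataclass
class KeyStore:
    """Hypothetical in-memory key table: SHA-256 digest -> org id."""
    _by_hash: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # append-only audit trail

    def issue_key(self, org_id: str) -> str:
        """Create a key for an org; plaintext is returned once and never kept."""
        raw = "qlm_" + secrets.token_urlsafe(32)  # 'qlm_' prefix is an assumption
        self._by_hash[hash_api_key(raw)] = org_id
        self.audit.append(("issue_key", org_id))
        return raw

    def authenticate(self, presented: str) -> Optional[str]:
        """Return the org id for a presented key, or None.

        The digest comparison uses hmac.compare_digest so a mismatch does not
        leak where the digests diverge. A real store would index by a key id
        rather than scanning every row; the scan keeps the example short.
        """
        digest = hash_api_key(presented)
        for stored_digest, org_id in self._by_hash.items():
            if hmac.compare_digest(stored_digest, digest):
                self.audit.append(("auth_ok", org_id))
                return org_id
        self.audit.append(("auth_fail", None))
        return None


@dataclass
class IdempotentProcessor:
    """Processes requests once per (org, idempotency key); replays get the cached result."""
    store: KeyStore
    _seen: dict = field(default_factory=dict)  # (org_id, idem_key) -> result
    processed: int = 0  # how many requests actually did work

    def handle(self, api_key: str, idempotency_key: str, payload: dict) -> dict:
        org_id = self.store.authenticate(api_key)
        if org_id is None:
            return {"status": 401, "error": "invalid api key"}
        # Scope the idempotency key to the org so two tenants reusing the
        # same client-side key can never collide with each other.
        cache_key = (org_id, idempotency_key)
        if cache_key in self._seen:
            self.store.audit.append(("replay", org_id, idempotency_key))
            return self._seen[cache_key]
        self.processed += 1
        result = {"status": 200, "org": org_id, "items": len(payload.get("items", []))}
        self._seen[cache_key] = result
        self.store.audit.append(("process", org_id, idempotency_key))
        return result


if __name__ == "__main__":
    store = KeyStore()
    proc = IdempotentProcessor(store)
    key = store.issue_key("org-a")
    first = proc.handle(key, "req-1", {"items": [1, 2, 3]})
    replay = proc.handle(key, "req-1", {"items": [1, 2, 3]})
    print(first == replay, proc.processed)  # same result, processed once
    print(store.audit)
```

Note that the audit list records the failed authentication attempt as well as the replay, which is what makes a later investigation of duplicate or rejected calls possible without the plaintext key ever being written anywhere.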
Compliance Frameworks
HIPAA
Business Associate Agreement available on Enterprise plan. PHI handling fully documented. Audit controls and access logging enabled by default.
GDPR
Data deletion API endpoint. No cross-border data transfers. Data Processing Agreement (DPA) available on request. Right to erasure honored within 24 hours.
FERPA
Student data protected under organizational isolation. No third-party sharing. Education records handled per FERPA guidelines with school official exception documentation.
SOC 2
Hosted on SOC 2 Type II certified infrastructure (Render). Annual audit reports available to enterprise customers under NDA.