Security Overview

Last Updated: January 23, 2025

Non-Binding Information

This Security Overview summarizes core safeguards. It is not a contractual commitment unless incorporated into an enterprise agreement.

1. Infrastructure

  • Hosted exclusively in United States-based cloud infrastructure
  • Multi-zone redundancy for availability
  • Regular patching and security updates
  • Firewalls and network segmentation
  • Access controls and audit logging

2. Data Encryption

  • In transit: TLS 1.2+ encryption
  • At rest: Industry-standard encryption for databases and file storage

3. Access Controls

  • Role-based access privileges
  • Principle of least privilege
  • Multi-factor authentication (MFA) enforced for administrative access
  • Logged and monitored access events

4. Runtime Security

  • Customer data isolation
  • Abuse detection systems
  • Agent-run monitoring for anomalies
  • Prevention of unusual API activity

5. Vulnerability Management

  • Regular vulnerability scanning
  • Third-party security assessments where appropriate
  • Prompt remediation cycles

6. Incident Response

We maintain an internal incident response protocol including:

  • Identification and triage
  • Containment and mitigation
  • Eradication of threats
  • Recovery and validation
  • Notification where legally required

7. Subprocessors

We use trusted vendors for:

  • Cloud hosting infrastructure
  • AI model providers (industry-leading providers)
  • Payment processors (Stripe)
  • Email delivery systems
  • Authentication services (Clerk)

8. Customer Responsibilities

Users must:

  • Protect account credentials
  • Maintain secure devices
  • Not share passwords
  • Review outputs for accuracy and safety
  • Use the platform legally and responsibly

For enterprise customers, see the Enterprise Security Addendum.

Security Team

Email: security@quroi.com

© 2025 QuROI, Inc. All rights reserved.