Skip to main content

Secure, dependable proposal automation software

We value the trust our client's place in us when they choose QorusDocs for their business. That’s why we go above and beyond when it comes to security and compliance measures.

SOC 2 Type II

For the QorusDocs product, a Service Organization Controls (SOC) 2 Type II report is maintained. The audit is performed by an independent third-party evaluator certified by the American Institute of CPAs (AICPA). This audit uses the Trust Services Principles (Security and Privacy), published by AICPA, to evaluate the effectiveness of a service organization’s controls. QorusDocs can provide SOC 2 Type II report and attestations of compliance, upon request, at security@qorusdocs.com. QorusDocs is committed to continuous compliance and has implemented measures to keep the implemented SOC controls current.

GDPR

QorusDocs stores a minimum of Personally Identifiable Information (PII), and only as defined by our client to deliver the Services. QorusDocs follows the policies below that are relevant to General Data Protection Regulation (GDPR):

  • Lawful Basis for Processing: QorusDocs processes data to fulfil the performance of our contract with our clients, with each Client acting as the data controller responsible for determining the lawful basis for processing.
  • Data Subject Rights: QorusDocs reasonably supports Clients, as data controllers, in responding to data subject requests in accordance with applicable data protection laws.
  • Data Security: QorusDocs implements robust technical and organizational measures to safeguard Client data.
  • Data Deletion: QorusDocs retains personal data only as long as necessary to provide our services and deletes or returns data upon contract termination.
  • Sub-processors: QorusDocs engages trusted sub-processors who meet our security and privacy standards and ensures appropriate safeguards for international data transfers.

For more details about QorusDocs’ GDPR compliance, contact security@qorusdocs.com.

Standard Contract Clauses (SCCs)

QorusDocs uses EU Standard Contractual Clauses (SCCs) and UK SCCs as legal mechanisms for data transfer because they provide a secure framework for cross-border data flows. These clauses ensure compliance with data protection laws when transferring personal data from the European Economic Area (EEA) and the UK. By incorporating SCCs into contracts, we demonstrate our commitment to safeguarding user privacy and mitigating risks associated with data transfers across different jurisdictions.

Global Data Processing Agreement

The Data Processing Agreement (DPA) serves as a legally binding contract that outlines the rights and obligations of the parties involved in processing personal data. The DPA sets out the scope, nature, and purpose of processing, the types of data involved, and the responsibilities of both parties to protect the privacy and security of the data.

https://www.qorusdocs.com/dpa/ 

Sub-processors

QorusDocs is acting as a Data Processor under the GDPR or a Service Provider under the CCPA. We comply with prevailing privacy laws and regulations. We ensure that our sub-processors are also compliant and enter into the necessary DPA/SCC legal agreements to satisfy the requirements of the laws.

https://www.qorusdocs.com/subprocessors/ 

Technical and Organizational Measures

QorusDocs upholds stringent security protocols and procedures to safeguard personal information, aligning with regulatory standards such as the GDPR and CCPA. Technical measures encompass both physical and electronic protections, including encryption and access restrictions. Organizational measures pertain to the implementation of policies and procedures that guarantee secure data handling by employees, consistent with privacy legislation. Collectively, these strategies provide a robust shield against threats to data security.

https://www.qorusdocs.com/securitymeasures

EU Artificial Intelligence Act & AI Responsible Use

QorusDocs embraces responsible innovation and aligns its AI-enabled solutions with applicable AI-related regulatory and governance frameworks. Our AI features are powered by reputable third-party providers and are designed to be transparent, secure, and trustworthy. QorusDocs uses carefully vetted third-party AI providers who are subject to supplier due diligence and contractual safeguards to power AI functionality responsibly.

We integrate third-party AI services into our products for clearly defined use cases, supported by human-in-the-loop controls. Customer data is protected at all times, and prompts and outputs are logged for traceability, ensuring accountability, safety, and regulatory compliance.

icon_shield-tick

Ensuring your Privacy

QorusDocs has a privacy policy, which outlines the steps we take to protect clients’ information. The policy is date-stamped and publicly available here. QorusDocs privacy policy is aligned to GDPR.
icon_passcode-lock

Unparalleled data security in the cloud

In addition to multiple internal security and privacy controls, the QorusDocs product is hosted on Microsoft Azure (as its Platform as a Service provider) to ensure our software takes advantage of over 90 compliance certifications and a series of tools that simplify and accelerate cloud compliance.

FAQs

Has QorusDocs completed a SOC 2 Type II examination by an independent auditor?

Yes. QorusDocs maintains a SOC 2 Type II report audited by an independent third-party evaluator certified by the American Institute of CPAs. The audit uses the Trust Services Principles for Security and Privacy to evaluate the effectiveness of QorusDocs' controls. The SOC 2 Type II report and attestations of compliance are available on request by contacting security@qorusdocs.com.

Is QorusDocs GDPR compliant?

Yes. QorusDocs is GDPR compliant and stores a minimum of personally identifiable information, only as defined by the client to deliver the service. Each client acts as the data controller and determines the lawful basis for processing. QorusDocs supports clients in responding to data subject requests, implements technical and organizational measures to safeguard client data, and retains personal data only as long as necessary to provide services. Data is deleted or returned upon contract termination. For detailed information contact security@qorusdocs.com.

Where is QorusDocs data hosted and stored?

QorusDocs is hosted on Microsoft Azure, which provides over 90 compliance certifications and enterprise-grade cloud infrastructure. Because QorusDocs runs within your Microsoft 365 tenant, your content, client data, and IP stay inside your own environment. Data does not leave your Microsoft 365 tenant and is not stored on shared or public infrastructure.

Does QorusDocs use customer data to train AI models?

No. QorusDocs AI is powered by Microsoft Azure OpenAI, which is configured so that your data is never used to train public AI models. QPilot agents work exclusively from your governed content library within your secure Microsoft 365 environment. Your proposals, client information, and firm content remain private and are never used to improve external AI systems.

How does QorusDocs handle data transfers across international jurisdictions?

QorusDocs uses EU Standard Contractual Clauses and UK SCCs as legal mechanisms for cross-border data transfers, ensuring compliance with data protection laws when transferring personal data from the European Economic Area and the UK. A Data Processing Agreement is available that outlines the rights and obligations of both parties, the scope and purpose of processing, and the responsibilities for protecting privacy and security. The DPA is available at www.qorusdocs.com/dpa.

How does QorusDocs manage third-party AI providers and sub-processors?

QorusDocs uses carefully vetted third-party AI providers, including Microsoft Azure OpenAI, subject to supplier due diligence and contractual safeguards. All sub-processors are required to meet QorusDocs security and privacy standards and to enter into appropriate Data Processing Agreements and Standard Contractual Clauses. AI features are integrated for clearly defined use cases, supported by human-in-the-loop controls, with prompts and outputs logged for traceability and accountability. A full list of sub-processors is available at https://qorusdocs.com/subprocessors.

How does QorusDocs align with the EU AI Act?

QorusDocs embraces responsible AI innovation and aligns its AI-enabled solutions with applicable AI regulatory and governance frameworks including the EU Artificial Intelligence Act. AI features are designed to be transparent, secure, and trustworthy, with human-in-the-loop controls at every stage. Customer data is protected throughout, and all AI outputs are logged for traceability to ensure accountability and regulatory compliance.

How does QorusDocs control who can access content and data?

QorusDocs uses role-based permissions to control who can view, edit, publish, and retire content at every level of the platform. Approval workflows ensure that only vetted, current material reaches clients. Combined with the Microsoft 365 tenant architecture, these controls give organizations complete visibility and governance over their content, client data, and proposal workflows without relying on platform-level trust.

How do I get QorusDocs security documentation for a vendor assessment?

QorusDocs provides security documentation including the SOC 2 Type II report, attestations of compliance, the Data Processing Agreement, and technical and organizational measures documentation on request. Contact the QorusDocs Security and Compliance team directly at security@qorusdocs.com for any security questionnaire, vendor assessment, or compliance review requirements.

We're here to answer all your security questions

Our team is standing by to address any additional questions or concerns you might have about QorusDocs’ security and compliance features.

Please contact our Security and Compliance team at security@qorusdocs.com for assistance.