Trust and Security
Quality Group designs its systems for organisations handling sensitive analytical material. Security, confidentiality, and data isolation are core to how Quality Group’s products are built and operated.
Last updated May 2026
Data Handling Principles
- Client materials are processed solely to provide the Service
- Client data remains the property of the Client at all times
- Client data is not used to train shared models or other clients’ systems
- Data is isolated at the client level within the platform
Infrastructure
- Products are hosted on Amazon Web Services (AWS)
- Data is currently processed in the AWS London region (eu-west-2) within the United Kingdom. Quality Group may support additional regions in future to meet specific client requirements, subject to appropriate data transfer mechanisms.
Infrastructure is selected and configured to support security, reliability, and regional flexibility.
AI Processing
Quality Group products may use large language models (LLMs) for analytical processing. Where AI models are used, they are accessed within closed and secure environments managed by Quality Group or trusted cloud infrastructure providers.
- Client data is not uploaded to any external AI platform
- Data is passed to the model for analysis only and is not stored by the model provider
- Client data is not used to train any AI model
Data Security
We implement reasonable technical and organisational measures, including:
- Encryption in transit (TLS)
- Encryption at rest
- Access controls and authentication mechanisms
- Environment-level data separation
Access to client data is restricted to authorised systems and personnel only where required to operate the Service.
Access and Controls
- Access to systems is limited to authorised personnel
- Role-based access controls are applied where appropriate
- Internal access is minimised and monitored
- Clients are responsible for managing access to their own accounts, including user permissions and credential security.
Data Retention
- Data is retained while the client account is active
- Upon account closure, data is deleted within 30 days, unless otherwise agreed or required by law
Clients may request deletion of data at any time.
Subprocessors
Quality Group uses trusted third-party providers to deliver the Service. Our primary subprocessor is Amazon Web Services (AWS), which provides cloud infrastructure and AI model inference services via AWS Bedrock. AWS processes data on our behalf under a Data Processing Agreement that imposes equivalent data protection obligations to those in this document. AWS does not use client data for its own purposes.
A current list of approved subprocessors is maintained in our Data Processing Agreement, provided on signup.
Incident Response
In the event of a data security incident affecting client data:
- Quality Group will investigate promptly
- Affected clients will be notified without undue delay
- Appropriate steps will be taken to mitigate impact
Ongoing Approach
Security practices are reviewed and updated as the platform evolves.
Quality Group’s approach is aligned with the expectations of organisations operating in high-trust, high-stakes environments.