Security and Trust Overview
V1.3
November
Our Commitment to Your Data's Security
At Quarterzip, we understand that the data you entrust to us is a critical asset. Our platform is designed to handle sensitive voice, video, and transcript data for training your onboarding agents, and we have built our security program to protect this information at every stage. Your trust is our top priority.
This document provides a transparent overview of our security architecture, policies, and practices. We are committed to maintaining a robust security posture to protect the confidentiality, integrity, and availability of your data.
As a testament to our commitment, Quarterzip is proud to be ISO/IEC 27001 certified. This certification validates that our Information Security Management System (ISMS) meets rigorous international standards and is subject to regular independent audits.
Please note that Quarterzip operates under the legal entity Redactive Operations Pty Ltd until December 1st 2025, when the entity is renamed to Quarterzip Operations Pty Ltd under ASIC.
Core Security Principles
Our security program is built on several key pillars that work together to create a secure environment for your data.
1. Data Encryption
We employ strong, industry-standard encryption to protect your data both when it is being transmitted and when it is stored on our platform.
- Encryption in Transit: All data transmitted between your users, your end-users, and the Quarterzip platform is encrypted using Transport Layer Security (TLS 1.2 or higher).
- Encryption at Rest: All of your data—including transient processing artifacts like audio files and transcripts—is automatically encrypted at rest using the AES-256 encryption standard. Encryption keys are managed using a secure, centralized key management service with strict access controls and audit logging.
2. Secure and Resilient Infrastructure
Quarterzip is built on world-class cloud infrastructure providers that maintain compliance with a wide range of global security standards, including SOC 2, ISO 27001, and PCI DSS.
- Network Isolation: Our production environment is deployed within a logically isolated Virtual Private Cloud (VPC) with strict firewall rules and network segmentation.
- Threat Protection: Our platform is protected by global load balancing and advanced DDoS mitigation services to ensure high availability and resilience against network-based attacks.
- Vulnerability Management: We perform continuous security scanning of our infrastructure and applications and engage independent third-party firms for annual penetration tests.
3. Operational Security and Access Control
We adhere to rigorous operational practices to ensure that your data is protected from unauthorized internal access.
- Principle of Least Privilege: Quarterzip employees are granted access to production systems only on a strict, role-based "need-to-know" basis.
- Strong Authentication: Multi-Factor Authentication (MFA) is mandatory for all employees accessing internal and production systems.
- Logging and Monitoring: We maintain comprehensive audit logs of all administrative access and system activity, with automated alerts for suspicious behavior.
Data Governance, Processing, and Ownership
We believe in providing clear, transparent, and configurable controls over your data. Our platform is designed to ensure you remain in control.
Workspace Isolation and Data Ownership
All of your data is associated with your specific "Workspace." We maintain strong logical separation to ensure that your data is never exposed to other customers. As a Quarterzip customer, you retain full ownership of all data you provide for training and all data generated from interactions with your end-users ("Customer Data").
Data Types and Retention
Infrastructure and Data Storage
The Service is hosted on a cloud-based infrastructure operated by Google Cloud Platform (“GCP”) and is subject to GCP’s security, compliance, and environmental safeguards. All Customer Data is processed and stored within data centers located in the United States of America (“U.S.”). The Processor shall provide written notice to the Controller in the event Customer Data is transferred outside the U.S.
Artificial Intelligence Policy
The Service utilises Google Cloud’s Vertex AI platform under Google’s AI/ML Privacy Commitment. Pursuant to Section 17 (“Training Restriction”) of the Service Specific Terms, Customer Data is not used to train or fine-tune any Google or third-party AI/ML models without the Customer’s prior written consent.
Data is not retained by the provider beyond the duration necessary to facilitate call communication. Limited temporary caching and session resumption mechanisms may be employed for performance optimization and continuity of service, in which case such cached data may persist for a maximum of 24 hours and remains subject to fine-grained privacy isolation.
Note: Quarterzip does not train large language models on customer data in the pursuit of training a proprietary model. Contracted customers’ data is appropriately segmented at all times.
Third-Party Data Processing (Sub-processors)
Quarterzip partners with a limited number of trusted, industry-leading third-party services for specific functions, such as transcription and cloud infrastructure. We maintain a list of these sub-processors, which is available to customers upon request.
Crucially, we have strict contractual and technical safeguards in place with all sub-processors. Your Customer Data is never used to train any third-party AI models (including Large Language Models) or any models outside the scope of improving your specific Quarterzip agents. Data sent to a sub-processor is used solely for the purpose of generating an output for your service and is not retained or repurposed by them for any other reason.
Customer-Controlled Data Access
You control whether Quarterzip personnel can access your sensitive data for support and service improvement purposes.
- Default Setting: By default, Quarterzip support and engineering teams do not have access to your Workspace's Customer Data (images, audio, transcripts, and insights).
- Opt-In Access: To assist with certain support requests, temporary access can be granted to Quarterzip support. These access requests are logged, and can be revoked by you at any time.
Note for Customers that use Beta Features or are part of Design Partner Programs: To access our partnership programs or leverage features still in active development, customers must opt in. As part of opting in to early capabilities, you provide Quarterzip personnel the right to access your sensitive data for support and service improvement purposes. This collaborative partnership allows us to work closely with you to refine our capabilities and improve the platform's core functionality based on real-world data.
Our advice to customers regarding Sub-processor disclosure:
- We provide configurable disclaimers in our product, both written and spoken by our AI Agent as the call starts, giving the end user the context to decide for themselves whether they wish to continue or leave the call.
- We only collect your name and email (if you provide them to us) as part of authenticating to start a Quarterzip end user call.
- Basic identifiers (such as an end user’s role or display name) help personalise the Call experience for your end users.
Incident Response
Quarterzip maintains a formal Incident Response Plan to ensure a swift and effective response in the event of a security incident. Should a confirmed incident affect your data, we will notify you in accordance with our legal and contractual obligations.
Questions?
Security is our ongoing commitment. If you have any further questions about our security practices, please contact our security team at security@quarterzip.ai.
You may also be interested in our Trust Centre, an external slice of our ISMS, which is available at: https://app.vanta.com/Quarterzip/trust/sd4wdmjslyr739jbpw5jq3
Looking for our Terms of Service or Privacy Policy instead? They can be found here:
- Privacy Policy: https://quarterzip.ai/privacy-policy
- Terms of Service: https://quarterzip.ai/terms-of-service

