Quantlix · Trust center

Trust center

Security, compliance posture, and data-flow transparency for procurement and security reviews.

Readiness, not legal compliance

Quantlix provides runtime policy enforcement and exportable evidence on supported production paths to help teams build EU AI Act readiness and broader AI governance workflows. It is not legal advice, a conformity assessment, CE marking, or a guarantee of regulatory compliance. Risk classification, DPIAs, and legal interpretation remain your responsibility.

Supported paths & evidence APIs → · Trust center →

Compliance posture

SOC 2 Type 1

In progress

Control design and operating evidence collection underway. Report available under NDA after completion.

Request audit report →

ISO 27001

On roadmap

Information security management system certification planned after SOC 2 Type 1.

GDPR

Privacy by architecture

Data subject export, deactivation, and erasure flows with audit logging. Standard DPA available.

Data Processing Agreement →

Data residency

EU-hosted default

Managed Quantlix cloud runs on EU infrastructure (Hetzner). Self-hosted Kubernetes available for stricter boundaries.

Security overview

Encryption, access, incidents, and vulnerability management for reviewers.

Subprocessors

Live list of infrastructure and service providers.

System status

Current operational status of Quantlix services.

Responsible disclosure

Report vulnerabilities to our security team.

Data Processing Agreement

Download our standard DPA or request execution.

Audit report (NDA)

Request SOC 2 evidence when available.

Subprocessors (summary)

PartyRoleRegionsData categoriesNotes
GitHub, Inc. (Microsoft)
Source code hosting and CIUS, EUsource_code, ci_metadata
Hetzner Online GmbH
Cloud infrastructure (managed Quantlix hosting)EUcustomer_payloads, operational_logs, account_metadata
Model providers you configure
Customer-configured		Inference (OpenAI, Anthropic, Azure OpenAI, Bedrock, etc.)variesprompts, completions, embeddingsCustomer-selected; data flows per deployment provider binding and DPA.
Stripe, Inc.
Payment processing and billingEU, USbilling_pii, payment_metadata
Voyage AI (when enabled)
Customer-configured		Embeddings and semantic retrievalUStext_for_embeddingOnly when used for RAG or semantic cache.

Company & hosting

Quantlix is operated by Navego AB, Lillängsvägen 21, 131 41 Nacka, Stockholm, Sweden.

Questions for security or compliance reviews: security@quantlix.ai

Trust Center — Quantlix — Quantlix