Security & Trust

Built for trust.
Verified by design.

Qadar was designed for teams that need to prove AI governance to auditors, clients, and regulators. Here is how we do it.

Request a security review See architecture ↓
No raw prompts stored
EU data residency
GDPR-aligned
TLS 1.3 in transit
Core principles

Security controls that hold under real audit pressure.

No raw prompt storage

We never store original prompt bodies by default. Only redacted, policy-processed records are logged under your retention configuration.

End-to-end encryption

Data in transit uses TLS 1.3. Protected records are encrypted at rest with AES-256 and managed under tenant-scoped controls.

Tenant isolation

Tenant data and controls are logically isolated. Access boundaries are enforced at architecture level, not by convention.

Immutable audit chain

Audit entries are append-only with per-request policy history, enabling consistent evidence for internal review, client due diligence, and regulatory checks.

Architecture

Every request is governed before any model call.

Your AI Tool browser, desktop, mobile, agent Qadar Gateway Data Detection & Masking Policy Engine Audit Log (redacted only) AI Provider OpenAI, Anthropic, etc.

Every request flows through the gateway before reaching an AI provider. Raw prompt bodies are not stored by default.

Your data stays where you need it.

EU data residency is available across plans. When enabled, processing and audit storage remain in EU-region infrastructure under your configured governance rules.

Raw prompt bodies are not retained by default. Retention windows and export policies are tenant-configurable.

Request EU data residency
EU region available
No cross-border routing without policy
Raw prompts not stored by default
Retention configurable per tenant
Compliance roadmap

Status snapshot for governance and certification work.

We are building toward the certifications that regulated teams require.

Standard Status Target
GDPR Aligned Live
SOC 2 Type I In progress Q3 2026
SOC 2 Type II Planned Q4 2026
ISO 27001 Planned 2027

Need a Data Processing Agreement? Talk to the team →

Encryption standards

Encryption at every layer.

TLS 1.3 in transit

All API and extension traffic is encrypted in transit using TLS 1.3.

AES-256 at rest

Protected records are encrypted at rest using AES-256 controls.

Tenant-scoped keys

Each tenant uses isolated key scope; no key material is shared across tenants.

Key rotation controls

Key rotation can be scheduled or requested under enterprise governance workflows.

Security FAQ

Questions security and compliance teams ask first.

Does Qadar store my prompts?

Qadar inspects prompts at policy time and avoids raw prompt storage by default. Audit entries capture policy outcomes and redacted metadata under your configured retention policy.

Who has access to my audit logs?

Audit access is tenant-scoped and role-controlled in Shield Control. Access events are logged, and exports can be routed to your existing SIEM or compliance systems.

What happens if Qadar is down? Does it block my AI tools?

Fail behavior is policy-defined per tenant and workflow. You can enforce fail-closed for high-risk routes and controlled fail-open for lower-risk workflows where continuity is required.

Can I self-host Qadar?

Current deployments are managed cloud. Enterprise teams can scope dedicated environment and residency controls during security review.

How is my tenant key protected?

Keys are tenant-scoped, logically isolated, and rotated on schedule. Key material is never shared across tenants or exposed in customer-facing workflows.

What encryption standards do you use?

Qadar enforces TLS 1.3 in transit and AES-256 for protected data at rest, with tenant-scoped key management and documented rotation procedures.

Have more security questions? Talk to a specialist.

Book a security review

A product and security specialist will reply within one business day.