QX Labs

Security for AI agents

QX gives teams powerful AI agents with the controls, isolation and transparency that business-critical work demands. Here is how we keep your data safe.

Compliance & certifications

Independent audits are underway. Our policies, controls and full subprocessor list are available through our Trust Center.

ISO 27001:2022 badge

ISO 27001:2022

Information security management system (ISMS) audit underway.

In progress
SOC 2 Type II badge

SOC 2 Type II

Independent examination of our security, confidentiality and availability controls.

In progress
CASA Tier 2 badge

CASA Tier 2

Cloud Application Security Assessment covering app and API security.

Certified
UK & EU GDPR badge

UK & EU GDPR

Backed by our DPA which is available upon request via our Trust Center.

Aligned

How we protect your data

Defense in depth across our infrastructure, application and operations.

End-to-end encryption

TLS 1.2+ in transit, AES-256 at rest. Integration credentials also get app-level encryption.

Tenant isolation

Agents execute in isolated, per-org sandboxes with no shared file system.

Granular data selection

Control exactly which files and folders get ingested, and which actions agents can take.

Role-based access

Assign owner, admin and member roles to control permissions across your team.

Secure authentication

Single sign-on via Google and Microsoft, optional MFA and passkeys for local accounts.

Revocation & deletion

Instantly revoke integrations to cut off access. Delete your data from our systems on request.

Built for AI agents

How we secure against AI risks

Autonomous agents create a new attack surface. We mitigate that.

Flexible model choice

Only trusted models: pick among OpenAI, Anthropic and Gemini per agent and per task. Upgrade with ease when new models are released.

No model training

Your content is used only to run the work you ask for. We don't train our models on it. Our AI providers operate under no-training terms for QX traffic.

Credentials stay protected

Connection secrets are encrypted at rest and resolved at execution time, so they're completely invisible to the AI.

Dig deeper on our security posture

Browse our security controls, policies, subprocessors and answers to common questions, or request access to documentation under NDA.

Email security@qxlabs.com for queries or issues.