Security & Compliance

Security and compliance are top priorities for Quench because they are fundamental to your experience with the Quench product. Quench is committed to securing your application’s data, eliminating systems vulnerability, and ensuring continuity of access.

Quench uses a variety of industry-standard technologies and services to secure your data from unauthorized access, disclosure, use, and loss. All Quench employees undergo background checks before employment and are trained on security practices during company onboarding and annually.

Security is directed by Quench’s Privacy Officer.

Infrastructure and Network Security

Physical Access Control

Quench is hosted on Amazon Web Services (AWS). AWS data centers feature a layered security model. According to the AWS Data Center Control Summary: “AWS provides physical data center access only to approved employees. All employees who need data center access must first apply for access and provide a valid business justification. These requests are granted based on the principle of least privilege, where requests must specify to which layer of the data center the individual needs access and are time-bound. Requests are reviewed and approved by authorized personnel, and access is revoked after the requested time expires. Once granted admittance, individuals are restricted to areas specified in their permissions.”

Quench employees do not have physical access to AWS data centers, servers, network equipment, or storage.

Logical Access Control

Quench is the assigned administrator of its infrastructure on AWS, and only designated authorized Quench operations team members have access to configure the infrastructure on an as-needed basis behind a two-factor authenticated virtual private network. Specific private keys are required for individual servers, and keys are stored in a secure and encrypted location.

Third-Party Audit

AWS undergoes various third-party independent audits regularly and can provide verification of compliance controls for its data centers, infrastructure, and operations. This includes, but is not limited to, SOC 2 certification and ISO 27001 certification.

Data Security and Privacy

Data Encryption

All data in Quench servers are encrypted at rest. AWS stores and manages data cryptography keys in its redundant and globally distributed Key Management Service. So, if an intruder were ever able to access any of the physical storage devices, the Quench data contained therein would still be impossible to decrypt without the keys, rendering the information a useless jumble of random characters.

Encryption at rest also enables continuity measures like backup and infrastructure management without compromising data security and privacy.

Quench exclusively sends data over HTTPS transport layer security (TLS) encrypted connections for additional security as data transits to and from the application.

Data Removal

All customer data stored on Quench servers is eradicated upon a customer’s termination of service and deletion of account after a 24-hour waiting period to prevent accidental cancellation. Data can also be deleted upon request.

Application Security

Secure Application Development (Application Development Lifecycle)

Quench practices continuous delivery, which means all code changes are committed, tested, shipped, and iterated on in a rapid sequence. A continuous delivery methodology, complemented by pull request, continuous integration (CI), and automated error tracking, significantly decreases the likelihood of a security issue and improves the response time to and the effective eradication of bugs and vulnerabilities. Release notes and details for Quench can be obtained via request to Quench.

Corporate Security

Risk Management

All Quench product changes must go through code review, CI, and build pipeline to reach production servers. Only designated employees on Quench’s operations team have secure shell (SSH) access to production servers.

We perform testing and risk management on all systems and applications on a regular and ongoing basis. New methods are developed, reviewed, and deployed to production via pull request and internal review. New risk management practices are documented and shared via staff presentations on lessons learned and best practices.

Contingency Planning

The Quench operations team includes service continuity and threat remediation among its top priorities. We keep a contingency plan in case of unforeseen events, including risk management, disaster recovery, and customer communication sub-plans that are tested and updated on an ongoing basis and thoroughly reviewed for gaps and changes at least annually.

Security Policies

Quench maintains an internal knowledge base of security policies, which is updated on an ongoing basis and reviewed annually for gaps. An overview of specific security policies is available to Quench enterprise customers upon request:

• Information Security

• Risk Management

• Security Incident Response

• Vulnerability Management

• Change Management

• System Access

Security Training

All engineers review security policies as part of onboarding and are encouraged to review and contribute to policies via internal documentation. Any change to policy affecting the product is communicated as a pull request, such that all engineers can review and contribute before internal publication. Major updates are communicated via email to all Quench employees.

Disclosure Policy

Quench follows the incident handling and response process recommended by SANS, which includes identifying, containing, eradicating, recovering from, communicating, and documenting security events. Quench notifies customers of any data breaches as soon as possible via email, followed by multiple periodic updates throughout each day addressing progress and impact. 

Vulnerability Disclosure

Anyone can report a vulnerability or security concern with a Quench product by contacting dev@projectquench.ai and including a proof of concept, a list of tools used (including versions), and the output of the tools. We take all disclosures very seriously, and once we receive a disclosure we rapidly verify each vulnerability before taking the necessary steps to fix it. Once verified, we periodically send status updates as problems are fixed.

HIPAA 

Quench and our affiliates ensure full HIPAA compliance through rigorous adherence to privacy and security standards. Our software is intentionally designed to protect patient information according to HIPAA regulations. 

Encrypted data transmission and storage methods guarantee the confidentiality of sensitive medical records, while robust access controls ensure that only authorized personnel can view or interact with PHI. Quench employees undergo rigorous internal training and maintain valid HIPAA certificates which you can view on our website. We also conduct routine audits and vulnerability assessments to strengthen our security posture against a continually evolving threat landscape.

LLM Security 

Your data remains strictly confidential and is never used to train our models. All transmissions, including uploads and conversations, are encrypted both during transit (TLS 1.2+) and while at rest (AES 256). Your conversation history remains solely yours and will never be shared or sold. You can request access to your conversation history at any time. Data is stored indefinitely as long as your Quench account is active. Alternatively, you can specify temporary storage preferences while signing up for our service. Please note that our policies may change. Therefore, we recommend regularly checking this page for updates.

Last updated: July 9, 2024