Data Protection and Trust Center content
Disclaimer
The information in this Trust Center and support documentation is provided for general informational purposes only. It does not constitute legal, regulatory, security, or licensing advice, and it does not create any warranties or contractual commitments.
Qhub implements security and privacy controls based on recognized industry practices and is actively working towards ISO/IEC 27001 certification. Any references to standards reflect our security program objectives and internal control framework; they should not be interpreted as a statement of certification or formal compliance prior to successful external audit and certification.
In case of any conflict, the executed agreements between you and Qhub (including the Terms & Conditions, Data Processing Agreement, and any applicable order forms) prevail. Customers remain responsible for validating Hub recommendations against their own policies, risk assessments, and Microsoft contractual terms before implementing changes.
We have created an extensive Trust Center, that you can access here. In this [link], you will find all our policies and relevant information around the compliance frameworks we adhere to.
Below is a quick overview of how we handle your data, followed by a short FAQ.
Data Protection & Security at Q Hub
Qhub protects customer data through a comprehensive information security and privacy framework aligned with ISO 27001 principles.
We apply security and data protection controls across the entire data lifecycle — from collection and storage to access, monitoring, and secure deletion.
restricted using role-based controls and least-privilege principles
– All data is encrypted at rest and in transit
– Systems are continuously monitored and logged
– Backups and disaster recovery procedures are tested regularly
– Security incidents are handled through a formal incident response process
Secure development & operations:
Qhub follows a secure software development lifecycle, including code reviews, vulnerability scanning, and strict separation between development and production environments.
Third-party security:
All vendors and partners are assessed for security and privacy risks before accessing Qhub systems or data and are contractually bound to meet our security standards.
Privacy & compliance:
Qhub processes personal data lawfully, minimally, and transparently. We support data subject rights and apply privacy-by-design principles across our platform.
Data Protection & Security – FAQ
Where is customer data stored?
Customer data is hosted on secure cloud infrastructure. Data residency is governed by contractual and regulatory requirements.
Is customer data encrypted?
Yes. All customer data is encrypted at rest and in transit using industry-standard encryption.
Who can access customer data?
Access is strictly limited to authorized personnel based on role and business need. All access is logged and reviewed regularly.
Does Qhub use customer production data for testing?
No. Production data is not used in development or testing environments unless explicitly approved and protected.
How does Qhub monitor security events?
Qhub continuously monitors systems using logging, alerting, and automated security tooling to detect and respond to suspicious activity.
What happens if there is a security incident?
Qhub follows a formal incident response process, including investigation, containment, remediation, and communication where required.
How long is customer data retained?
Data is retained only as long as necessary based on contractual, legal, and operational requirements and is securely deleted afterward.
How are vendors and subprocessors managed?
All vendors undergo security and privacy due diligence and are contractually required to protect data in line with Qhub standards.
Does Qhub support GDPR and data subject rights?
Yes. Qhub supports access, correction, and deletion requests and applies privacy-by-design principles.
