Trust

Data & hosting

Qorpera is built for companies that want AI inside real work without losing control of data, access, or supervision.

This page explains the practical hosting posture behind Qorpera. The binding commitments still live in the privacy policy and terms, but the operating principle is simple: keep company context private, keep app surfaces out of search, and keep people in control of AI actions.

EU storage

Structured application data is stored in Neon Postgres in Frankfurt, Germany.

Encrypted traffic

Network traffic uses TLS. Stored data is encrypted at rest by the underlying managed infrastructure.

Search boundaries

Qorpera Desktop app surfaces are deliberately kept out of public search results.

Human control

Operational AI work is designed around evidence, review, and approval before action.

Location

Where data lives

Qorpera uses managed infrastructure with clear production boundaries. Structured product data is stored in Neon Postgres in Frankfurt, Germany, and the public website and application surfaces are deployed on Vercel.

Production application data is separated from public marketing surfaces.
The public website is indexable; app and login surfaces are not.
Operational records are handled inside product workspaces, not public pages.

Scope

What Qorpera stores

Qorpera stores the data needed to run the product experience: account and workspace records, structured operational data, generated outputs, and company context that customers choose to provide or connect.

Work centers on company context, proposed actions, drafts, approvals, and operational records.
AI Check reports are retained for a limited period so users can revisit results.

Limits

What is not kept by default

Qorpera avoids retaining unnecessary raw inputs where the product does not need them. For AI Check, raw Google content is not retained; generated reports are retained for 90 days.

Public search indexing is limited to marketing and learning pages.
App subdomains send noindex controls and block crawler access through robots.txt.
Retention should be treated as a product control, not a vague promise.

Access

How access is controlled

Qorpera separates public information from authenticated work. Product access, session boundaries, connector authorization, and revocation are treated as operational controls rather than marketing features.

Users reach Work through authenticated app surfaces.
Connector access should be granted deliberately and revocable by administrators.
AI actions should carry enough context for a person to review before approval.

Processing

AI processing and subprocessors

Qorpera uses managed infrastructure and AI providers to deliver the product. The exact binding processor and subprocessor commitments are documented in the legal pages, which should be treated as the source of truth.

Core infrastructure includes managed hosting, database, email, and security services.
AI processing is used to generate analysis, drafts, summaries, and operational proposals.
Subprocessor details should stay visible and updateable as the product evolves.

Supervision

Control matters more than autonomy

The security posture is not only about where data is stored. It is also about how AI work reaches the business: with evidence, uncertainty, and approval paths instead of silent autonomous action.

Qorpera Desktop gives AI context before it drafts or proposes action.
Work routes proposed actions through human review.
The goal is useful AI adoption without giving up operational control.

Legal and product context

Where data lives

Production application data is separated from public marketing surfaces.

The public website is indexable; app and login surfaces are not.

Operational records are handled inside product workspaces, not public pages.

What Qorpera stores

Work centers on company context, proposed actions, drafts, approvals, and operational records.

AI Check reports are retained for a limited period so users can revisit results.

What is not kept by default

Qorpera avoids retaining unnecessary raw inputs where the product does not need them. For AI Check, raw Google content is not retained; generated reports are retained for 90 days.

Public search indexing is limited to marketing and learning pages.

App subdomains send noindex controls and block crawler access through robots.txt.

Retention should be treated as a product control, not a vague promise.

How access is controlled

Users reach Work through authenticated app surfaces.

Connector access should be granted deliberately and revocable by administrators.

AI actions should carry enough context for a person to review before approval.

AI processing and subprocessors

Core infrastructure includes managed hosting, database, email, and security services.

AI processing is used to generate analysis, drafts, summaries, and operational proposals.

Subprocessor details should stay visible and updateable as the product evolves.

Control matters more than autonomy

The security posture is not only about where data is stored. It is also about how AI work reaches the business: with evidence, uncertainty, and approval paths instead of silent autonomous action.

Qorpera Desktop gives AI context before it drafts or proposes action.

Work routes proposed actions through human review.

The goal is useful AI adoption without giving up operational control.