Security & compliance
Qorpera is built for European SMBs operating under GDPR and the upcoming EU AI Act. Security and compliance are foundational, not bolted on.
Data sovereignty
- All operational data stored in the EU (PostgreSQL via Neon, Frankfurt region).
- pgvector embeddings stored alongside application data, inside the same European perimeter.
- No data transit to non-European jurisdictions for storage.
- Document uploads stored per-operator with disk-level isolation.
Encryption
- OAuth tokens encrypted with AES-256-GCM and decrypted only at the moment of use.
- No credentials stored in plain text.
- Session cookies: httpOnly, secure (production), sameSite: lax, 30-day expiry.
- TLS on all transport.
Operator isolation
Every database query includes operatorId. No operator can access another operator’s data. This is enforced at the query layer, not via application-level checks — the moat around your data is structural.
Access control
- Superadmin. Qorpera support. Can enter any operator for debugging; invisible to regular users.
- Admin. Company leadership. Sees everything in their operator. Full CRUD.
- Member. Employees. Scoped to departments via the UserScope table. Scoped data on every GET route; role check on every mutation.
AI processing
- AI reasoning runs via Anthropic and OpenAI enterprise APIs. These APIs contractually do not train on customer data.
- Closed-world reasoning means the AI only sees the context assembled from your wiki — not pretrained assumptions about your organisation.
- Your business data is never used to train AI models.
- When you opt in, anonymised outcome data flows to cross-operator system intelligence. Individual data is never exposed to other operators.
GDPR
- Right to access. Full operator-scoped wiki export on request.
- Right to erasure. Cascading deletion across wiki pages, activity streams, and embeddings.
- Consent management. OAuth consent is the primary control; revoking in-source halts data flow immediately.
- AI disclosure. AI-generated communications carry disclosure footers as required by GDPR and the EU AI Act.
- Data minimisation. Connectors sync only operationally relevant fields.
EU AI Act
The August 2026 enforcement of the EU AI Act places deployer transparency obligations on organisations operating high-risk AI systems. Qorpera’s wiki-first architecture means full situation audit trails — trigger, investigation, reasoning, action plan, outcomes — are readable on a single page. Admin-tier operators with regulatory requirements can opt into full trace viewing. Full compliance documentation ships ahead of the enforcement date.
Infrastructure security
- CSRF: Origin header validation on all state-changing requests.
- CSP, X-Frame-Options, X-Content-Type-Options headers.
- Rate limiting on document upload and reprocess endpoints.
- Environment validation on startup — the service refuses to boot with incomplete secrets.
- Sentry for error observability; no customer data in error reports.