SOC 2 Type II
Annual independent audit.
SOC 2 Type II certified
Your manuals, fault history, and what your experts know are the asset. Quintess grounds every answer in your approved data, isolates each tenant, encrypts everything in transit and at rest, and keeps your data out of anyone's model training.
Annual independent audit.
Cited from your approved sources.
AES-256 at rest and TLS 1.2+ in transit.
Your data stays inside your account boundary.
Maintenance data includes equipment history, expert knowledge, and operating records. Quintess protects that record from ingestion through every technician interaction.
Answers are grounded in your approved maintenance data and include cited sources, so technicians and experts can check the evidence behind the guidance.
Customer data is encrypted at rest with AES-256 and in transit with TLS 1.2 or higher.

Quintess completes an annual SOC 2 Type II audit covering security, reliability, and data privacy. The report is available on request under mutual NDA.
Independent security specialists regularly test the platform. Findings are tracked through remediation and verification.
Security reviews are part of the software development lifecycle, from design and code review through testing, release, and remediation.
Quintess uses only LLM providers whose applicable terms prohibit training on customer data.
If you believe you have found a vulnerability in Quintess, report it responsibly with enough detail for our team to reproduce and investigate it. The same address is open for procurement, compliance, and general security questions.
security@quintess.aiResources
Security FAQ
Yes. Contact Quintess to request the current SOC 2 Type II report. A signed mutual NDA is required before the report is shared.
Quintess processes source data and interaction data. Source data includes the maintenance documents, schematics, parts information, and work-order history you provide. Interaction data includes the questions, responses, measurements, and confirmed outcomes created while technicians use the agent.
Yes. Private maintenance data can be made available to approved internal users and contractors through role-based access controls.
Source data is encrypted and isolated by tenant. Hosting location and processing details are documented with your team during the security review so the deployment record reflects the approved environment.
Quintess uses only providers whose enterprise terms prohibit training on customer data. The current provider list and the applicable no-training commitments are available during security review.