Trust Center
Transparency is the foundation of trust. Here's exactly how we protect your data, who processes it, and how we comply with GDPR.
AI Processing Transparency
We believe in complete honesty about how your data is processed. Here's exactly what happens when you use qualcode.ai.
Data Flow
CSV/Excel files stored securely
Survey text sent to AI providers
Codes and metrics stored
OpenAI
Rater A · GPT-4 series
- EU Standard Contractual Clauses
- Data not used for model training
- Transient processing (not stored)
- Data Processing Agreement in place
Anthropic
Rater B · Claude series
- EU Standard Contractual Clauses
- Data not used for model training
- Transient processing (not stored)
- Data Processing Agreement in place
Security Practices
Enterprise-grade security measures protect your research data at every stage.
Encryption in Transit
All data transmitted using TLS encryption. No unencrypted connections accepted.
Encryption at Rest
All stored data encrypted at rest using industry-standard encryption.
EU Infrastructure
Servers hosted in AWS Frankfurt, Germany (eu-central-1).
Access Controls
Role-based access. Your data is only accessible to you and your team.
Audit Logging
Audit trail of authentication events, admin actions, credit operations, and data exports.
Data Deletion
Delete your data anytime. 30-day trash period, then permanent deletion.
Compliance
We maintain compliance with EU data protection regulations and provide the documentation you need.
GDPR Compliant
General Data Protection Regulation
- Lawful basis for processing (Art. 6)
- Article 28-compliant DPA available
- Data subject rights supported
- 72-hour breach notification
International Transfers
EU-approved mechanisms
- Standard Contractual Clauses (2021/914)
- Transfer Impact Assessments conducted
- Supplementary encryption measures
Sub-processors
Third parties that process your data on our behalf
| Provider | Purpose | Location | Safeguard |
|---|---|---|---|
| AWS EMEA SARL | Infrastructure hosting | Frankfurt, EU | No transfer |
| OpenAI, Inc. | AI classification (Rater A) | USA | SCCs |
| Anthropic, PBC | AI classification (Rater B) | USA | SCCs |
| Stripe, Inc. | Payment processing | Ireland/USA | SCCs |
| Resend, Inc. | Transactional email | USA | SCCs |
For Researchers
Information for ethics board applications and informed consent documentation.
Ethics Board Information
When submitting ethics applications, you may describe the data processing as follows:
"Open-ended survey responses will be processed using qualcode.ai, an AI-assisted coding platform. The platform uses two independent AI models from OpenAI (GPT-4 series) and Anthropic (Claude series) to classify responses. Survey text is transmitted to US-based AI providers under EU Standard Contractual Clauses. Data is not retained by AI providers after processing and is not used to train AI models. All data storage occurs within the EU (Frankfurt, Germany)."
Suggested Consent Language
Example language for participant information sheets:
"Your responses will be analyzed using AI-assisted software to identify themes and patterns. The text of your responses will be processed by AI systems operated by OpenAI and Anthropic (US companies) under legally-approved data protection agreements. Your responses will not be stored by these AI systems or used to train their models."
Documentation
Download or view our legal and compliance documentation.
Questions?
Our team is available to answer security and compliance questions, provide additional documentation, or discuss your institution's specific requirements.