Breach Notification Policy
How QllmSoft detects, assesses, and notifies affected parties in the event of a personal data breach.
Breach Notification Policy
1 Purpose and Scope
This policy describes how QllmSoft identifies, assesses, and responds to personal data breaches affecting QllmDocs, and how affected individuals, customers, and regulators are notified in accordance with GDPR and comparable data protection laws. It applies to all personal data processed through the Service, including account data and documents stored on your behalf.
2 What Counts as a Breach
A personal data breach is any security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored, or otherwise processed through QllmDocs — for example, unauthorized account access, misconfigured access controls exposing documents, or a security incident involving an authorized sub-processor such as Microsoft Azure or PayPal.
3 Detection and Internal Escalation
QllmDocs uses activity logging, audit trails, and rate limiting, security monitoring to help identify anomalous access patterns.
4 Risk Assessment
Upon detection, we assess:
- The categories and volume of personal data involved.
- Whether the data was encrypted or otherwise rendered unintelligible to an unauthorized party.
- The likely consequences for affected individuals.
- Whether the breach is likely to result in a risk, or a high risk, to the rights and freedoms of affected individuals.
5 Notification to Supervisory Authorities
6 Notification to Affected Users
Where a breach is likely to result in a high risk to an individual's rights and freedoms, and QllmSoft is acting as controller for that data (e.g., account-level data), we will notify affected users directly, without undue delay, using the contact information on file for their account.
7 Notification to Customers (Controllers)
Where personal data breached belongs to a customer's uploaded documents or team data, QllmSoft will notify that customer without undue delay, and in any case within 72 hours of becoming aware, so the customer can meet its own regulatory and individual-notification obligations.
8 Content of Notifications
Notifications will include, to the extent known at the time:
- A description of the nature of the breach, including categories and approximate number of data subjects and records affected.
- The name and contact details of QllmSoft's point of contact.
- The likely consequences of the breach.
- Measures taken or proposed to address the breach and mitigate its effects.
9 Record-Keeping
QllmSoft maintains an internal record of all personal data breaches, including facts, effects, and remedial action taken, regardless of whether the breach met the threshold for external notification.
10 Roles and Responsibilities
- Security/Engineering team: Detection, containment, and technical remediation.
- Compliance personnel: Risk assessment, regulatory notification decisions, and communication with affected customers and individuals.
- Customer Admins: Responsible for notifying their own end users where the customer is the data Controller.
11 Changes to This Policy
We may update this policy as our processes evolve or as legal requibi bi-calendar3rements change. Updates will be posted on this page with a revised Effective Date.
12 Contact Information
Company: QllmSoft
Address: Lalamusa, Pakistan
To report a suspected security incident, email support@qllmdocs.com with subject line "Security Incident Report."