QLLM SOFT — Legal

Breach Notification Policy

How QllmSoft detects, assesses, and notifies affected parties in the event of a personal data breach.

Effective Date: October 15, 2025

Breach Notification Policy

1 Purpose and Scope

This policy describes how QllmSoft identifies, assesses, and responds to personal data breaches affecting QllmDocs, and how affected individuals, customers, and regulators are notified in accordance with GDPR and comparable data protection laws. It applies to all personal data processed through the Service, including account data and documents stored on your behalf.

2 What Counts as a Breach

A personal data breach is any security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, personal data transmitted, stored, or otherwise processed through QllmDocs — for example, unauthorized account access, misconfigured access controls exposing documents, or a security incident involving an authorized sub-processor such as Microsoft Azure or PayPal.

3 Detection and Internal Escalation

QllmDocs uses activity logging, audit trails, and rate limiting, security monitoring to help identify anomalous access patterns.

4 Risk Assessment

Upon detection, we assess:

  • The categories and volume of personal data involved.
  • Whether the data was encrypted or otherwise rendered unintelligible to an unauthorized party.
  • The likely consequences for affected individuals.
  • Whether the breach is likely to result in a risk, or a high risk, to the rights and freedoms of affected individuals.

5 Notification to Supervisory Authorities

Where a breach is likely to result in a risk to individuals' rights and freedoms, we (or the affected Controller, per the Data Processing Agreement) will notify the competent supervisory authority without undue delay, and where feasible, within 72 hours of becoming aware of the breach.

6 Notification to Affected Users

Where a breach is likely to result in a high risk to an individual's rights and freedoms, and QllmSoft is acting as controller for that data (e.g., account-level data), we will notify affected users directly, without undue delay, using the contact information on file for their account.

7 Notification to Customers (Controllers)

Where personal data breached belongs to a customer's uploaded documents or team data, QllmSoft will notify that customer without undue delay, and in any case within 72 hours of becoming aware, so the customer can meet its own regulatory and individual-notification obligations.

8 Content of Notifications

Notifications will include, to the extent known at the time:

  • A description of the nature of the breach, including categories and approximate number of data subjects and records affected.
  • The name and contact details of QllmSoft's point of contact.
  • The likely consequences of the breach.
  • Measures taken or proposed to address the breach and mitigate its effects.

9 Record-Keeping

QllmSoft maintains an internal record of all personal data breaches, including facts, effects, and remedial action taken, regardless of whether the breach met the threshold for external notification.

10 Roles and Responsibilities

  • Security/Engineering team: Detection, containment, and technical remediation.
  • Compliance personnel: Risk assessment, regulatory notification decisions, and communication with affected customers and individuals.
  • Customer Admins: Responsible for notifying their own end users where the customer is the data Controller.

11 Changes to This Policy

We may update this policy as our processes evolve or as legal requibi bi-calendar3rements change. Updates will be posted on this page with a revised Effective Date.

12 Contact Information

Security Contact Email: support@qllmdocs.com
Company: QllmSoft
Address: Lalamusa, Pakistan

To report a suspected security incident, email support@qllmdocs.com with subject line "Security Incident Report."