Trust Centre
Quickli Pty Ltd
Mortgage broker software for faster, clearer lending decisions
Quickli helps mortgage brokers model scenarios, compare lender options, and generate client-ready outputs. This trust center summarizes our approach to security and privacy, how we protect customer data, and how to request security documentation for due diligence.
Security response
3 business days
Security
Trust inquiries
5 business days
Security due diligence
ISO/IEC 27001:2022
Scope: ISMS (Information Security Management System)
Audit year: 2026
SOC 2 Type I
Scope: Security
Audit year: 2024
SOC 2 Type II
Scope: Security
Audit year: 2026
Updated SLA
2026-03
AI data handling details published
2026-02
Published detailed information on how our AI features handle customer data, including zero data retention policies, feature-specific controls for Jiffi AI and Document Renamer, and third-party AI provider configurations.
SOC 2 Type II audit underway
2026-01
Our SOC 2 Type II audit is in progress. The final report will be available on request upon completion.
ISO/IEC 27001:2022 certification granted
2026-01
We achieved ISO/IEC 27001:2022 certification for our ISMS.
SOC 2 Type I completed
2024-11
We completed our SOC 2 Type I assessment (November 2024). The report is available on request.
ISO/IEC 27001:2022 Certificate
Certification: Certificate available on request.
SOC 2 Type I Report
Audit report: Report available on request.
Penetration Test Executive Summary
Assessment: Executive summary available on request.
Security Policies Pack
Policies: Key security policies and control summaries (available on request).
Hosting: Cloud-hosted on Vercel and MongoDB Atlas (with supporting third-party services). AI features use multiple enterprise API providers configured for zero data retention.
Encryption: TLS for data in transit; encryption at rest provided by our cloud and database providers. Data sent to AI providers is encrypted in transit and at rest.
Retention: Operational logs and support records have defined retention periods. AI providers are configured for zero data retention. Document Renamer files automatically expire within 24 hours. Application logs do not contain sensitive customer data.
Backups: Automated backups are maintained for critical data stores; restore procedures are documented. Document Renamer files are not backed up.
Regions: Australia (primary): core hosting, database services, and temporary document storage (Document Renamer) are hosted in the Sydney region. Some processing may occur outside Australia for certain third-party services, including AI API endpoints. Details available on request.
Data centers: Operated by our cloud and platform providers.
How do we request security documentation?
Email our trust contact and we will share available documents under appropriate terms (for example NDA) where required.
Who can request security documentation?
Security documentation is available on request for larger customers (typically organisations spending around AUD 15,000 per year with Quickli). If you're evaluating Quickli and expect to be in that range, please request access and include your expected annual spend and timeline. Otherwise, contact us and we'll share an appropriate security overview.
Do you have recognized security certifications?
Yes. We are ISO/IEC 27001:2022 certified, completed SOC 2 Type I in November 2024, and SOC 2 Type II is underway.
Where is Quickli hosted?
Quickli is cloud-hosted using Vercel for application hosting and MongoDB Atlas for database services.
Do you use AI in Quickli?
Yes. Some Quickli features use AI via multiple enterprise API providers. All production AI usage is configured for zero data retention (ZDR). Providers process requests statelessly and do not store documents. Only the information needed to complete the requested task is sent to AI providers.
Is customer data used to train AI models or stored for AI logging?
No. Training and retention are disabled across all production AI providers. Customer inputs are not used to train models, and all providers are configured for zero data retention. Application logs do not contain sensitive customer data.
Which AI models or providers does Quickli use?
We use multiple enterprise AI providers via API. Specific model allocations are not disclosed as they form part of our intellectual property. All providers are configured with zero data retention and training disabled in production.
How does the Jiffi AI chat feature handle data?
Jiffi AI does not accept document uploads. Chat history is stored within your Quickli account. A limited internal team (credit analysts and senior engineers) may review interactions for quality assurance to ensure responses meet professional standards in a credit environment.
How does the Document Renamer handle uploaded files?
Documents are stored temporarily in secure object storage in the Sydney region. Files automatically expire within 24 hours, are not backed up, and extracted text is not stored in the database. Access during the retention window is restricted to senior engineering and security staff only.
Are AI API endpoints hosted in Australia?
Some AI API endpoints are hosted offshore. Customer data sent to AI providers is encrypted in transit and at rest, and all providers are configured for zero data retention.
Do you encrypt data?
Yes. We use TLS for data in transit and encryption at rest through our cloud and database providers. Data sent to AI providers is also encrypted in transit and at rest.
How do you control access to production systems and data?
We apply role-based access controls and least-privilege principles, with access restricted to authorized personnel.
How do you handle security incidents?
We follow an incident response process for triage, containment, remediation, and customer communication as appropriate.
Do you support customer security questionnaires?
Yes. Send your questionnaire to our trust contact and we will respond within the stated SLA.
Office hours: Mon-Fri, 9am-5pm AEST