Infrastructure
QOOM runs on managed cloud infrastructure. Data is stored on:
- Encrypted persistent volumes for application data and assessment results.
- Managed Postgres (via Supabase) for operational state.
- Object storage for video files and generated report artifacts.
All data in transit is encrypted via TLS.
Organization scoping
Data is scoped to organizations. A user in one organization cannot see sessions, subjects, or results from another organization. Every API request is authorized against the caller's organization ID.
Administrators within an organization can see all data within their own organization.
Video retention
Raw video files are retained according to the organization's configured retention policy (default: 60 days from session creation). After the retention window, videos are deleted but the derived metrics, reports, and session metadata are retained.
Contact an administrator to change the retention policy for your organization.
Data types stored
| Data | Retained | Notes | |---|---|---| | Account information (name, email, role) | While account exists | Email required for login | | Subject display name and external ID | While subject exists | Use pseudonyms for privacy | | Session metadata (date, module, subject) | Indefinitely | Core operational data | | Raw video | Default 60 days | Configurable per organization | | Derived metrics and reports | Indefinitely | Small and safe to retain | | Audit log (who did what) | Indefinitely | For compliance |
Deletion
Administrators can delete subjects, sessions, and user accounts from the admin interface. Deletion is permanent for operational data; audit log entries are retained for compliance.
See our Privacy Policy for the full statement.