// Trust & Security Report

    memoQ Zrt. logo

    memoQ Zrt.

    Translation and Localization Management

    Certifications held

    6

    Maturity

    Enterprise

    Trains on your data

    No

    Trust center

    Yes

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    SOC 2 Type 2
    HELD

    SOC 2 Type 2 compliance validates that our security practices are robust, repeatable, and reliable. — Adam Klar, CISO (January 19, 2026 press release)

    Verify on memoq.com
    SOC 2 Type 1
    HELD

    Enterprise clients, especially in the U.S., need more than translation technology. They need a partner they can trust with their most sensitive data. — Peter Reynolds, CEO (October 14, 2025 press release)

    Verify on memoq.com
    ISO 27001 v2022
    HELD

    ISO 27001 v2022 — Compliant (listed under Compliances on the memoQ Trust Center)

    Verify on trust.memoq.com
    ISO 9001
    HELD

    memoQ Zrt. has introduced, maintains and continuously improves a quality management system (QMS), compliant to ISO 9001:2015. Certificate valid until 2026. Certified by TUV SUD.

    Verify on memoq.com
    GDPR
    HELD

    GDPR — Compliant (listed under Compliances on the memoQ Trust Center). General Terms Section 100: Provider commits to observing privacy regulations specified by Regulation 2016/679/EC of the European Commission (GDPR).

    Verify on trust.memoq.com
    ISO 27701
    HELD
    > Show 1 unconfirmed / not-held certifications
    HIPAA
    NOT CONFIRMED

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Offered

    Data region

    Microsoft Azure (primary) and GCP. Hosting on dedicated Azure servers with geo-redundant backup across multiple datacenters. Specific EU-only data residency is not explicitly guaranteed in public documentation; transfers outside EEA can occur with GDPR safeguards applied. Company headquarters in Budapest, Hungary (EU).

    General Terms Section 31 explicitly states: 'the Customer's prompts (inputs) and completions (outputs) shall not be used to train, retrain or improve LLMs or any third-party products.' Section 99 permits converting data into anonymized or aggregated information for service improvement only if de-anonymization is not reasonably possible. Section 93 confirms: 'All data entered, created, imported, or added to the memoQ Services are exclusively owned by Customer.'

    // Security controls

    MFA

    Multi-factor authentication is enforced for all user accounts (confirmed in Security Policy Section 10)

    memoq.com

    Encryption in transit

    VPN and/or encryption enforced for sensitive information passing over public networks; TLS used for web communications

    memoq.com

    Encryption at rest

    Full device or container-based encryption listed as an endpoint security control in the Trust Center

    trust.memoq.com

    Penetration testing

    Not publicly disclosed. Trust Center lists 'Vulnerability Remediation Process' and 'Production System User Review' as product security controls. Annual independent review of information security stated in Security Policy Section 15.

    memoq.com

    Bug bounty

    No public bug bounty program found on HackerOne, Bugcrowd, or memoQ's own pages. Security incidents should be reported via security@memoq.com per their documentation.

    trust.memoq.com

    Incident response

    Formal incident response plan with roles, escalation criteria, notification procedures (internal and external including law enforcement and customers). Covered in Security Policy Section 13.

    memoq.com

    Subprocessors

    Microsoft Azure (IT infrastructure), GCP (IT infrastructure), GitHub (development), GitLab (development), Postmark (customer service), Zendesk (customer service). Published at trust.memoq.com/subprocessors.

    trust.memoq.com

    Business continuity

    Business continuity management embedded in ISMS; regular BCM tests covering information security requirements per Security Policy Section 14.

    memoq.com

    ISMS documentation

    Trust Center publishes ISMS Manual, ISMS Scope Document, Information Security Policy, Operation Security Policy, Physical and Environmental Security Policy, and 10+ additional policy documents.

    trust.memoq.com

    // Products & data scope

    memoQ TMS (Translation Management System)Enterprise TMS

    data: Processes all translation content, project data, translation memories, termbases, and user data. Can be deployed on-premises, on private cloud (Azure), or as a managed hosted service. On-premises deployments give the customer full data control.

    Primary enterprise product. Supports flexible workflow management, quality checks, and connectivity. On-prem option available for Professional and Premium tiers. Hosted option uses dedicated Azure servers with daily geo-redundant backups.

    memoQ AI TranslationCloud AI Translation

    data: Cloud-based AI translation; data sent to LLM providers per the AI Solutions terms. Customer prompts and outputs are contractually prohibited from being used to train LLMs. Customer is responsible for ensuring lawful processing of translated content.

    Uses third-party LLM providers. LLM provider terms apply alongside memoQ's terms. Section 31 of General Terms prohibits use of customer inputs/outputs for model training.

    memoQ translator proDesktop CAT Tool

    data: Desktop translation tool for individual freelance translators. Data primarily stays local unless connected to memoQ TMS or cloud features. Lower enterprise compliance overhead.

    Designed by translators for translators. Can operate standalone or connect to memoQ TMS server. Less relevant to enterprise compliance assessments.

    memoQ AGT (Adaptive Generative Translation)Generative AI Translation

    data: Generative AI translation using existing language resources without requiring model training or adjustment. No model retraining on customer data by design.

    Newest AI product. Explicitly does not require AI model training on customer data. Leverages existing translation memories and termbases without altering AI workflows.

    // What to watch

    • ISO 27001 certificate issued by TUV SUD previously expired October 2025; Trust Center now lists ISO 27001 v2022 as Compliant but no public renewal certificate PDF was accessible for verification. The trust center is live and operated via Sprinto compliance platform.
    • EU data residency for cloud-hosted TMS is not explicitly guaranteed; geo-redundant backups cross datacenter regions. On-premises deployment eliminates this concern.
    • No public bug bounty program identified on HackerOne or Bugcrowd.
    • HIPAA compliance is not claimed or evidenced; relevant for US healthcare localization use cases.

    // At a glance

    Pricing model

    Subscription-based (cloud) and perpetual + annual SMA (on-premise). Enterprise pricing requires contacting sales. Translator pro has individual tiers. TMS Professional and Premium tiers include on-premise deployment rights.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on memoQ Zrt.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    trust.memoq.com

    > Browse all vendor trust reports