// Trust & Security Report
memoQ Zrt.
Translation and Localization Management
Certifications held
6
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on memoq.com“SOC 2 Type 2 compliance validates that our security practices are robust, repeatable, and reliable. — Adam Klar, CISO (January 19, 2026 press release)”
Verify on memoq.com“Enterprise clients, especially in the U.S., need more than translation technology. They need a partner they can trust with their most sensitive data. — Peter Reynolds, CEO (October 14, 2025 press release)”
Verify on trust.memoq.com“ISO 27001 v2022 — Compliant (listed under Compliances on the memoQ Trust Center)”
Verify on memoq.com“memoQ Zrt. has introduced, maintains and continuously improves a quality management system (QMS), compliant to ISO 9001:2015. Certificate valid until 2026. Certified by TUV SUD.”
Verify on trust.memoq.com“GDPR — Compliant (listed under Compliances on the memoQ Trust Center). General Terms Section 100: Provider commits to observing privacy regulations specified by Regulation 2016/679/EC of the European Commission (GDPR).”
> Show 1 unconfirmed / not-held certifications
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Microsoft Azure (primary) and GCP. Hosting on dedicated Azure servers with geo-redundant backup across multiple datacenters. Specific EU-only data residency is not explicitly guaranteed in public documentation; transfers outside EEA can occur with GDPR safeguards applied. Company headquarters in Budapest, Hungary (EU).
General Terms Section 31 explicitly states: 'the Customer's prompts (inputs) and completions (outputs) shall not be used to train, retrain or improve LLMs or any third-party products.' Section 99 permits converting data into anonymized or aggregated information for service improvement only if de-anonymization is not reasonably possible. Section 93 confirms: 'All data entered, created, imported, or added to the memoQ Services are exclusively owned by Customer.'
// Security controls
MFA
Multi-factor authentication is enforced for all user accounts (confirmed in Security Policy Section 10)
memoq.comEncryption in transit
VPN and/or encryption enforced for sensitive information passing over public networks; TLS used for web communications
memoq.comEncryption at rest
Full device or container-based encryption listed as an endpoint security control in the Trust Center
trust.memoq.comPenetration testing
Not publicly disclosed. Trust Center lists 'Vulnerability Remediation Process' and 'Production System User Review' as product security controls. Annual independent review of information security stated in Security Policy Section 15.
memoq.comBug bounty
No public bug bounty program found on HackerOne, Bugcrowd, or memoQ's own pages. Security incidents should be reported via security@memoq.com per their documentation.
trust.memoq.comIncident response
Formal incident response plan with roles, escalation criteria, notification procedures (internal and external including law enforcement and customers). Covered in Security Policy Section 13.
memoq.comSubprocessors
Microsoft Azure (IT infrastructure), GCP (IT infrastructure), GitHub (development), GitLab (development), Postmark (customer service), Zendesk (customer service). Published at trust.memoq.com/subprocessors.
trust.memoq.comBusiness continuity
Business continuity management embedded in ISMS; regular BCM tests covering information security requirements per Security Policy Section 14.
memoq.comISMS documentation
Trust Center publishes ISMS Manual, ISMS Scope Document, Information Security Policy, Operation Security Policy, Physical and Environmental Security Policy, and 10+ additional policy documents.
trust.memoq.com// Products & data scope
data: Processes all translation content, project data, translation memories, termbases, and user data. Can be deployed on-premises, on private cloud (Azure), or as a managed hosted service. On-premises deployments give the customer full data control.
Primary enterprise product. Supports flexible workflow management, quality checks, and connectivity. On-prem option available for Professional and Premium tiers. Hosted option uses dedicated Azure servers with daily geo-redundant backups.
data: Cloud-based AI translation; data sent to LLM providers per the AI Solutions terms. Customer prompts and outputs are contractually prohibited from being used to train LLMs. Customer is responsible for ensuring lawful processing of translated content.
Uses third-party LLM providers. LLM provider terms apply alongside memoQ's terms. Section 31 of General Terms prohibits use of customer inputs/outputs for model training.
data: Desktop translation tool for individual freelance translators. Data primarily stays local unless connected to memoQ TMS or cloud features. Lower enterprise compliance overhead.
Designed by translators for translators. Can operate standalone or connect to memoQ TMS server. Less relevant to enterprise compliance assessments.
data: Generative AI translation using existing language resources without requiring model training or adjustment. No model retraining on customer data by design.
Newest AI product. Explicitly does not require AI model training on customer data. Leverages existing translation memories and termbases without altering AI workflows.
// What to watch
- ISO 27001 certificate issued by TUV SUD previously expired October 2025; Trust Center now lists ISO 27001 v2022 as Compliant but no public renewal certificate PDF was accessible for verification. The trust center is live and operated via Sprinto compliance platform.
- EU data residency for cloud-hosted TMS is not explicitly guaranteed; geo-redundant backups cross datacenter regions. On-premises deployment eliminates this concern.
- No public bug bounty program identified on HackerOne or Bugcrowd.
- HIPAA compliance is not claimed or evidenced; relevant for US healthcare localization use cases.
// At a glance
Pricing model
Subscription-based (cloud) and perpetual + annual SMA (on-premise). Enterprise pricing requires contacting sales. Translator pro has individual tiers. TMS Professional and Premium tiers include on-premise deployment rights.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on memoQ Zrt.'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
trust.memoq.com