Audit-IQ RegTech

Security Overview

Audit-IQ applies industry-standard security practices to safeguard customer data and ensure platform reliability. This page provides a high-level overview of our security posture.

1. Infrastructure

  • Hosted on secure cloud environments with modern isolation controls
  • Encrypted communication using TLS/HTTPS
  • Regular patching and security updates across services and dependencies
  • Environment separation for development and production systems

2. Data Protection

  • Encryption in transit (HTTPS/TLS)
  • Access-restricted document processing pipelines
  • Customer content is not used to train external AI models
  • Data minimisation and retention aligned with operational requirements

See also: Privacy Policy and Data Residency.

3. Access Controls

  • Role-based access controls (least privilege) for internal operations
  • Production access restricted to authorised personnel only
  • Administrative actions are logged and monitored
  • Authentication safeguards are applied to reduce unauthorised access risk

4. Logging & Monitoring

  • Continuous monitoring for errors, anomalies, and suspicious activity
  • Operational logs used for reliability, troubleshooting, and security investigations
  • Alerting for key system health and abnormal patterns

Logs are retained only as needed for operational and security purposes.

5. Backup & Recovery

  • Routine backups to support recovery from accidental deletion or system failure
  • Recovery procedures designed to restore service within a reasonable timeframe
  • Ongoing improvements to resilience and disaster recovery as the platform scales

6. Subprocessors & Vendor Security

Audit-IQ relies on trusted subprocessors for infrastructure and platform operations (e.g., hosting, email delivery, payment processing, and AI infrastructure). We review subprocessors for security and privacy controls appropriate to their role.

A list of subprocessors is available on our Subprocessors page.

7. Incident Response

We maintain internal procedures to identify, investigate, contain, and remediate security incidents.

In the event of a material security incident impacting customer data, we will notify affected customers in accordance with applicable law and our contractual commitments.

8. Vulnerability Reporting

We welcome responsible disclosure of security vulnerabilities. Please report potential security issues to:

📧 founder@audit-iq.com

Please do not publicly disclose vulnerabilities until we have had a reasonable opportunity to investigate and remediate. We do not authorise testing that degrades service availability or attempts to access other customers' data.

9. Compliance Intent

While Audit-IQ is not currently certified, we follow principles aligned with widely used security and privacy frameworks, including:

  • ISO 27001 (information security management principles)
  • SOC 2 (security, availability, and confidentiality principles)
  • Australian Privacy Act (APA 2024) considerations
  • GDPR-aligned practices for future EU expansion

As the platform grows, we will formalise controls, documentation, and certification efforts aligned with customer needs.

10. Contact

For security-related questions:
📧 founder@audit-iq.com