Trust Center

Audit-IQ is a compliance operations platform built for regulated industries. This page is the single entry point for our security posture, privacy commitments, data handling practices, and legal documentation.

Independent export verification

Every Audit-IQ export includes a SHA-256 verification hash. Any auditor, regulator, or third party can confirm that the file they received is byte-for-byte identical to what was generated — without creating an account or contacting the issuing organisation.

Verify an export

Our security commitments

✓Encryption at rest and in transit. All stored data is encrypted with AES-256 (Supabase). All connections require TLS 1.2 or higher.
✓Strict organisation isolation.No cross-tenant data access. Each organisation's data is isolated at the database query level.
✓No intentional AI training on customer data. Audit-IQ does not intentionally use customer content to train AI models. Customer content is processed only to provide the Service.
✓Role-based access control. Granular roles (Owner, Admin, Member, Auditor, Client) enforce least-privilege access across all workspace features.
!Not currently certified. We are not SOC 2, ISO 27001, or IRAP certified at this stage. Our controls are designed to align with those frameworks as we scale toward certification.

Designed for compliance workflows across multiple jurisdictions

Audit-IQ is designed to support SMBs, professional service firms, and compliance consultants operating under a range of regulatory frameworks — including the Australian Privacy Act 1988 (APA 2024), the Essential Eight, the DIFC Data Protection Law, ISO 27001, and SOC 2. The platform is built for engagement models common across the Australian, DIFC, and broader international compliance market.

Audit-IQ is a technology platform and does not provide legal or regulatory advice. Whether the platform satisfies your specific regulatory obligations is a matter for your legal counsel to assess. Organisations with specific data residency, cross-border transfer, or contractual requirements should contact legal@audit-iq.com before procurement.

Audit-IQ is operated by RIO ENTERPRISE, Bengaluru, India.

Trust & legal documentation

Security Overview

Infrastructure, encryption, access controls, incident response, and responsible disclosure policy.

How we collect, use, store, and protect personal information. Includes your rights and OAIC complaint pathway.

Data Residency

Where your data is stored and processed, cross-border transfer disclosures, and AI processing details.

Subprocessors

Third-party service providers we use to operate the platform, including purpose, provider, and processing location.

Data Processing Agreement

Draft DPA structure for procurement discussion. Not a binding agreement — legal review required before use.

The agreement that governs use of the Audit-IQ platform, including ACL savings clause for Australian customers.

Acceptable Use Policy

Prohibited uses, AI feature restrictions, consultant obligations, and export control requirements.

Legal Changelog

Version history for all legal and trust documents. Useful for procurement review and tracking material changes.

Platform Documentation

Technical documentation covering controls, evidence handling, audit periods, and known limitations.

Contact

For security, privacy, or legal questions, use the appropriate contact below:

Security vulnerabilities and incident reports: security@audit-iq.com
Privacy and personal data requests: privacy@audit-iq.com
Legal, compliance, and data residency: legal@audit-iq.com
General enquiries: hello@audit-iq.com