OpsIQ is engineered around the principle that an AI which can write to your business needs to ask permission first. Every action is contracted, scoped, signed, role-checked and audited. No shortcuts, no surprises, no off-policy operations.
AES-256 with envelope encryption for every byte stored. TLS 1.3 for every byte in flight. Per-tenant key separation on cloud โ one tenant's keys cannot decrypt another's data, even with full database access. API secrets and webhook signing keys are sealed; never logged in plaintext, never returned via API after creation.
Google Authenticator on every account. SAML / OIDC SSO on Business+. Roles: owner, admin, support, custom โ with per-action gating and confirmation policies.
HMAC-SHA256 over the raw body. Replay protection via timestamp + nonce. Idempotency keys on writes. Per-connector secrets you can rotate without downtime.
Every action is a registered contract โ declared scope, declared roles, declared parameters. Risky writes always require explicit human confirmation. Off-contract AI output is rejected at the brain layer before it reaches your endpoints.
Every admin action, every AI turn, every webhook delivery โ captured with actor, IP, timestamp, params, response, duration. CSV export. 12-month retention by default; longer for HIPAA / regulated workloads.
IP firewall & CIDR blocklists, bot & threat scoring on visitor logs, rate limiting on all public endpoints, replay-protected gateway events, account-takeover detection on suspicious logins.
24/7 on-call rotation for P0 incidents. Initial customer notification within 30 minutes for confirmed P0; 4 hours for P1. Public root-cause analysis within five business days of resolution. Live status at /status. Status pages are emailable, RSS-able and machine-readable for your own dashboards.
No. AI calls hit the model provider you choose (Anthropic, OpenAI, Gemini, Grok or self-hosted) with the live conversation context only. Provider standard data handling applies โ most don't train on API traffic by default.
Multi-tenant cloud runs in EU and West Africa today. Dedicated cloud customers pick the region at provisioning. Self-hosted: wherever you install it.
Public keys (the shareable ones) are stored as-is. Secret keys and webhook signing secrets are AES-256 sealed with a per-install derived key, retrievable only by the tenant they belong to. They cannot be re-fetched via the API after creation โ only rotated.
Yes. Account โ Privacy has a self-service delete & export. Operators can also call POST /v1/customers/{id}/erase. Audit log entries about the deletion itself are retained for 12 months for compliance review.
30-day export window. After that, primary records are deleted from production; backups roll off the standard 30-day rotation; all copies are gone within 60 days of cancellation.
Yes โ /.well-known/security.txt. Vulnerability disclosure email: security@opsiqai.com. We acknowledge within one business day and have a public bug-bounty program for material findings.
Annual third-party pen-test plus continuous internal red-teaming. Summary reports available under NDA.
Vendor questionnaire, DPA, BAA, SOC 2 progress letter, pen-test summary, dedicated cloud โ start the conversation, we'll get the right person on the call.