Where your data lives, how it's encrypted, who can access it, what the AI is allowed to read, and the audit trail behind every operation. No marketing fog โ just the questions your security team will ask, with real answers.
Every byte you store with us is encrypted with AES-256 using per-tenant keys. Every byte we send across the wire uses TLS 1.3. API secrets and webhook signing keys are sealed with envelope encryption โ never logged in plaintext anywhere.
Owner, admin, support & custom roles. 2FA on every account. SSO available on Business plans.
Replay protection via timestamp + nonce. Idempotency keys on all write APIs. Per-connector secret rotation.
Every call goes through an action contract with role gates and confirmation policies. Risky operations require explicit human approval โ always.
Every admin action, every AI turn, every webhook delivery โ logged with actor, timestamp, IP, duration. CSV export.
IP firewall & CIDR blocklists, bot/threat scoring on visitor logs, rate limiting, replay-protected gateway events.
Our cloud platform is engineered with the controls security teams expect. Self-hosted customers retain full control of their data residency, retention and audit policy.
Data subject access, deletion & export workflows built into the account portal.
Built-in consent banner with regional defaults & per-cookie opt-in.
Do-not-sell signals respected; per-customer data deletion endpoints exposed.
BAA available for Business plan customers handling protected health information.
Immutable audit logs & access trails compatible with SOC 2 Type II reviews.
Cloud regions in EU & West Africa. Self-hosted means you pick the region.
Multi-tenant cloud at cloud.opsiqai.com. Per-tenant encryption keys, isolated databases per workspace, regional data residency. The fastest path to production.
Dedicated tenant database with isolated credentials, optional dedicated VM, custom domain. For teams whose contracts or compliance need stronger isolation than shared multi-tenant.
Install OpsIQ on your own infrastructure. Same code as cloud, you keep the data path end-to-end. Activate with a license key, run the installer, you're operational in under an hour.
No. We do not train any model on customer data. AI calls hit Anthropic, OpenAI or your chosen provider with the live conversation context only โ providers' standard data handling applies (most don't train on API traffic by default).
Multi-tenant cloud runs in EU and West Africa today. Dedicated cloud customers can choose region at provisioning. Self-hosted customers run wherever they like.
Public API keys are stored in plaintext (they're meant to be shared); secret keys and webhook signing secrets are stored encrypted with AES-256 using a per-install key derived from your environment.
Yes. Every customer record exposes a "delete & export" button in the account portal. Operators can also call POST /v1/customers/{id}/erase programmatically. Audit log entries about the deletion itself are retained for 12 months for compliance review.
Live status at /status. We notify affected customers within 30 minutes for any operational incident, post a public RCA within 5 business days, and credit cloud customers per the SLA terms.
The /compliance page lists every subprocessor (cloud infra, AI providers, payment gateways, email delivery), what data they handle, and where they sit. We notify customers in advance of any change.
Yes. AI History (owner-only) records every admin / customer / writing turn with the exact rendered prompt, the AI response, the action result if any, the duration and the actor. Filter, search and export to CSV.
Whether you need a DPA, a custom BAA, a security questionnaire walked through, or a dedicated single-tenant cloud โ start the conversation and we'll get the right person on the call.