Official Document

Security
& Compliance

Enterprise-grade infrastructure designed for the most demanding security requirements.

Legal Officer
Reviewed ByLegal Operations
Last Updated
February 3, 2026
Status
Active & Binding
01

Encryption Standards

All data within OkayIQ is protected by industry-leading encryption protocols. We ensure that your data is safe whether it is sitting in our database or traveling across the web.

Encryption at Rest: All databases and backups use AES-256 encryption.
Encryption in Transit: All communication is forced over TLS 1.3 with HSTS.
Key Management: We use hardware security modules (HSM) for managed keys.
02

Logical Data Isolation

We utilize a multi-tenant architecture with strict logical separation. Every customer's training data and conversation history is isolated at the database level, ensuring no data leakage can occur between instances.

03

Infrastructure & SOC2

Our platform is built on physical infrastructure provided by AWS and Google Cloud, which maintain SOC2 Type II, ISO 27001, and HIPAA compliance. We perform regular internal audits and external penetration testing annually.

04

Vulnerability Disclosure

We maintain an active bug bounty program and a clear channel for security researchers. If you believe you have found a security vulnerability in OkayIQ, please contact our security team immediately.

Need specific legal language?

For Scale and Enterprise customers, we offer custom Data Processing Agreements (DPA) and Master Service Agreements (MSA) tailored to your specific compliance needs.