Your Compliance Data,
Protected at Every Layer.
IQBinder is built with security-first architecture. Multi-tenant isolation, granular access control, immutable audit trails, confidentiality hierarchy, and AI authorization are foundational — not afterthoughts bolted onto a generic platform.
Security Architecture
Every layer of IQBinder is designed to protect your compliance data with enterprise-grade controls. These aren't configuration options — they're built into the architecture.
Encryption at Rest & in Transit
All data encrypted using AES-256 at rest and TLS 1.3 in transit. Database connections use SSL. API traffic is HTTPS-only. No unencrypted data paths exist.
Multi-Tenant Data Isolation
Every database query is scoped to the authenticated tenant at the storage layer. Cross-tenant data access is not architecturally possible — it's enforced at the query layer, not just the application layer.
9-Role RBAC Model
Granular permissions across nine distinct roles: executive admin, super admin, compliance manager, safety manager, HR manager, department manager, supervisor, auditor, and employee. Each role has defined capabilities — not just "admin" and "user."
Confidentiality Hierarchy
Four-level confidentiality classification (public, internal, confidential, restricted) with role-based visibility enforcement across documents, records, and AI queries. Restricted documents don't appear in unauthorized views.
Immutable Audit Trail
Append-only audit logging captures every create, update, delete, and status change with user attribution, timestamp, and IP address. Audit logs cannot be modified or deleted — even by administrators.
Soft Delete Architecture
Compliance-critical entities are never permanently deleted. Soft delete preserves full history for regulatory review while removing data from operational views. Auditors can always reconstruct the timeline.
Tenant-Scoped Storage Layer
Enterprise-grade PostgreSQL database with tenant isolation enforced at the storage layer. Every query — including search, reporting, and AI context retrieval — is scoped to the authenticated tenant.
Session-Based Authentication
Secure session management with HTTP-only cookies and configurable session expiration. No tokens stored in localStorage or client-side storage — sessions are server-managed.
Input Validation & Sanitization
All API inputs validated with Zod schemas before reaching business logic. SQL injection prevented through parameterized queries via Drizzle ORM. XSS protection through React's built-in output escaping.
AI Access Control
Multi-layer AI authorization: tenant isolation, role-based filtering, department scoping, confidentiality hierarchy enforcement, and object-level policy evaluation on every AI query.
Tenant Isolation in Detail
Data isolation is not just a feature in IQBinder — it's an architectural guarantee. Every data path is tenant-scoped.
- Every database query includes the authenticated tenant ID — there is no query path that returns data from another tenant
- Search indexes, reporting aggregations, and dashboard metrics are all tenant-scoped at the query level
- AI context retrieval passes through the same tenant isolation layer as all other data access
- Background jobs (health scoring, notifications, reminders) operate within tenant boundaries
- File storage is organized by tenant with tenant-scoped access controls
9-Role Permission Model
IQBinder's RBAC model provides nine distinct roles — each with defined capabilities that match real organizational structures. Not just "admin" and "user."
| Role | Access Scope |
|---|---|
| Executive Admin | Full organization visibility including all departments, confidentiality levels, and administrative functions |
| Super Admin | System configuration, user management, and cross-department operational access |
| Compliance Manager | Standards mapping, CAPA management, audit oversight, and compliance reporting |
| Safety Manager | Incident management, safety inspections, hazard tracking, and safety analytics |
| HR Manager | Training records, acknowledgment campaigns, personnel compliance, and role management |
| Department Manager | Department-scoped access to documents, records, and operational data |
| Supervisor | Team-level operational access with limited administrative capabilities |
| Auditor | Read-only access to compliance evidence, designed for external auditor review |
| Employee | Personal tasks, assigned documents, acknowledgments, and incident reporting |
Controlled Visibility
IQBinder's four-level confidentiality hierarchy ensures sensitive compliance data is visible only to authorized roles. This applies to documents, records, AI queries, and search results.
Visible to all authenticated users within the tenant. Appropriate for general policies and company-wide procedures.
Visible to roles above employee level. Operational documents, departmental procedures, and standard work instructions.
Visible to managers and above. Audit findings, CAPA details, investigation reports, and sensitive operational data.
Visible only to executive admin and explicitly authorized roles. Legal documents, incident investigations, and sensitive personnel records.
Immutable Audit Trail
Every action in IQBinder is logged in an append-only audit trail. Logs cannot be modified or deleted — even by administrators. Here's what we capture:
Evidence Traceability
Every compliance artifact in IQBinder is traceable — from the standard clause it satisfies, through the evidence that supports it, to the user who created or modified it.
Clause-to-Evidence Mapping
Every document, record, and CAPA links to specific standard clauses. The evidence chain is explicit — not implied by folder location or file naming.
Temporal Traceability
The Evidence Timeline provides a chronological view of all compliance activity. Reconstruct what happened, when, and by whom — across all modules.
Health Score Provenance
Each health score is backed by the specific evidence that generated it. Drill down from a score to the documents, records, and CAPAs that contribute.
User Attribution
Every action is attributed to a specific user with timestamp and IP. There is no anonymous modification path in IQBinder.
Security Controls Summary
IQBinder's security controls align with the requirements organizations face across SOC 2, ISO 27001, and data protection regulations.
Data Encryption
- AES-256 at rest
- TLS 1.3 in transit
- SSL database connections
- HTTPS-only API traffic
Access Control
- 9-role RBAC model
- Department-scoped permissions
- Confidentiality hierarchy
- Object-level policies
Audit & Monitoring
- Immutable audit trail
- User attribution on all actions
- Session tracking
- AI query logging
Data Protection
- Multi-tenant data isolation
- Soft delete architecture
- Configurable data retention
- Tenant-scoped backups
Application Security
- Input validation (Zod schemas)
- SQL injection prevention (ORM)
- XSS protection (React)
- API field whitelisting
AI Governance
- 6-layer AI access control
- Permission-respecting context
- Content exclusion controls
- No cross-tenant training
How We Handle Your Data
Transparency about our data practices — because compliance teams should expect the same rigor from their tools that they enforce in their organizations.
Is my data shared between tenants?
Never. Every database query is scoped to the authenticated tenant at the storage layer. There is no architectural path for cross-tenant data access — it's enforced at the query level, not just the application layer.
Can IQBinder employees access my data?
Access to customer data requires explicit authorization and is logged. We follow the principle of least privilege for all internal access. Administrative access to production data is limited and audited.
Does the AI train on my data?
No. IQBinder's AI uses your data only for real-time query context within your tenant. No customer data is used for model training, fine-tuning, or shared across organizations. AI context is ephemeral — it exists only during query execution.
What happens to my data if I cancel?
You can export your data at any time in standard formats. After cancellation, data is retained for a configurable period before secure deletion, with audit trail preserved per regulatory requirements.
Where is my data stored?
IQBinder uses enterprise-grade PostgreSQL with encrypted storage. Deployment infrastructure uses industry-standard cloud providers with SOC 2 certified data centers.
How is the audit trail protected?
Audit logs are append-only — they cannot be modified or deleted, even by administrators. Every change to compliance-critical entities is captured with user attribution, timestamp, and IP address.