Security & Trust

Overview

Readiness IQ was created for security-conscious SaaS teams that value practical protection as much as simplicity. Every layer of our platform (authentication, encryption, and infrastructure) follows modern best practices to safeguard customer data and maintain availability. Our guiding principle is clear: collect less, protect more, and stay transparent.

Authentication & Access Control

Strong identity and access management protect every workspace. Each user’s access is limited to what is necessary for their role, and sessions remain secure throughout their lifecycle.

  • Multi-Factor Authentication (MFA) available for all accounts
  • Role-Based Access Control for members, editors, admins, and superadmins
  • Team-level data isolation enforced through row-level permissions
  • Session management with inactivity timeouts
  • Secure password hashing and encrypted transport for all sign-ins

Data Protection & Encryption

Data confidentiality and integrity are maintained with strong encryption standards and least-privilege controls at every boundary.

  • All customer connections use HTTPS with modern TLS (TLS 1.3 or later)
  • All data at rest encrypted using AES-256 or equivalent standards
  • Access to stored files restricted to authorized team members only
  • Secrets and credentials managed securely on the server side
  • Minimal data retention, only what’s required to deliver the service

Privacy & Confidentiality

Protecting user privacy is central to how we operate. Personal information is handled with discretion and used solely to support legitimate product functionality.

  • No sale or sharing of personal data with third parties
  • Data usage limited to authentication, training progress, and notifications
  • Customer content remains the exclusive property of each organization
  • Practices aligned with GDPR and CCPA principles for access and deletion
  • Internal staff bound by confidentiality and least-access principles

Infrastructure & Hosting

Readiness IQ runs on a modern, cloud-native platform with global distribution, high availability, and continuous deployment controls. All components operate within certified data centers that meet international security standards.

  • Content delivered through a secure global content delivery network (CDN)
  • Application data stored in managed, encrypted relational databases
  • Isolated environments for development, staging, and production
  • Deployment pipeline with change review and rollback
  • Underlying cloud providers maintain independent certifications such as SOC 2 and ISO 27001

Backups & Business Continuity

Reliability is built into our operations. Regular backups and redundancy safeguards ensure your data can be recovered quickly and accurately if an outage occurs.

  • Automated daily backups with restore verification
  • Redundant storage across multiple availability zones maintained by our cloud providers
  • Defined recovery objectives for minimal downtime and data loss
  • Regular testing of disaster-recovery and restoration procedures
  • Availability is continuously monitored via managed service health systems

Application Security

Our engineering process integrates security into each stage of development and deployment, ensuring secure defaults and verified configurations throughout the stack.

  • Secure coding practices and peer code reviews
  • Type-safe development with automated dependency checks during each build
  • HTTPS-only traffic and security headers (including CSP where applicable)
  • Input validation and sanitization for all forms and uploads
  • Periodic access reviews for sensitive configuration and secrets

Monitoring & Incident Response

We maintain continuous visibility into application health and have clear procedures for responding to and learning from security events.

  • Real-time operational monitoring and alerting
  • 24-hour initial response target for any confirmed incident
  • Root-cause analysis and corrective action tracking
  • Periodic tabletop exercises to validate response readiness
  • Transparent communication with affected customers if issues arise

Compliance & Trust

Readiness IQ aligns its internal controls with recognized frameworks and helps customers produce evidence for their own audits through built-in reporting and tracking features.

  • Alignment with SOC 2 Trust Services Criteria: Security, Availability, Confidentiality
  • Evidence-ready reports for training completion and policy acknowledgments
  • Periodic internal control reviews and access audits
  • Vendor risk reviews for all critical service providers

Responsible Disclosure

We welcome responsible vulnerability reports from the security community. Researchers acting in good faith within our disclosure guidelines are provided safe harbor, and validated findings are remediated promptly with acknowledgment of contribution.