BIQc
Try for Free
Home Meet BIQc Solutions Small & Medium Business Enterprise Governance Integrations Pricing Trust Log in Try for Free
Trust Centre · Security

Security & Infrastructure

The technical controls protecting your data — encryption, access control, network security, monitoring and incident response.

What this means for you
  • Everything stored is encrypted (AES-256); everything moving is encrypted (TLS 1.2 or higher, TLS 1.3 preferred).
  • Access follows least privilege: people and systems can only reach what their role allows.
  • All access is logged and auditable.
  • If an incident occurs, response begins within 72 hours of detection, followed by review and remediation.

Infrastructure overview

BIQc operates with customer data hosted in Australian infrastructure and managed provider services. AI model processing is performed by approved providers and can occur outside Australia, under the training restrictions disclosed in the AI Learning Guarantee. The architecture is designed for high availability, security, and data governance transparency.

Encryption

At rest

All stored data is encrypted using AES-256 with automatically rotated encryption keys. Database-level encryption ensures data protection at the storage layer.

In transit

All data transmitted between systems uses TLS 1.2 or higher (TLS 1.3 preferred). API communications are secured with mutual TLS where applicable.

Access controls

  • Role-based access control (RBAC) with the least-privilege principle.
  • Row-level security controls at the database layer scoping each workspace, under continuous hardening.
  • Session management with automatic timeout.
  • Administrative access restrictions for privileged operations.
  • All access logged and auditable.

Network security

  • Web Application Firewall (WAF) protection.
  • DDoS mitigation.
  • Network segmentation and isolation.
  • Intrusion detection and prevention systems.

Monitoring & incident response

  • Continuous infrastructure monitoring with automated anomaly detection.
  • Incident response initiated within 72 hours of detection.
  • Post-incident review and remediation.

Compliance

  • Privacy Act 1988 (Cth) compliance and Australian Privacy Principles adherence.
  • SOC 2 Type II controls alignment — certification in progress (see the Trust Centre hub for current status).
  • Regular third-party security assessments.

Reporting a vulnerability

If you believe you've found a security issue, email support@biqc.ai with the subject "Security disclosure". Reports reach a human and are acknowledged.

Version 1 Effective: February 2026 Last reviewed: February 2026 Contact: support@biqc.ai