Security practices

This page summarizes the current security posture and scope of controls available today.

Data encryption

Traffic between browsers and InspectIQ is encrypted in transit using TLS. Stored data relies on encryption-at-rest controls provided by managed cloud infrastructure services.

Authentication and account access

User authentication is session-based with token-backed server validation. Multi-factor authentication for customer accounts is not available yet.

Tenant isolation

Workspace boundaries are enforced through role checks and database-level access controls so users only access authorized organization data.

Logging and auditability

Operational and security-relevant events are logged for troubleshooting and review, including key account and sharing actions.

Backups and recovery

Backup and recovery controls are currently in progress for formal customer-facing recovery objectives and documentation.

Vulnerability management

Dependencies and runtime components are updated through regular maintenance cycles and monitored release workflows.

Security questions: security@inspectiq.me