Security at primIQ.ai
Security is foundational to everything we build at primIQ.ai. We design our systems (CivIQ, LogIQ, chatbot, and infrastructure) with security-first principles to protect user data, meeting content, code, and intellectual property.
Security Practices
- Encryption: Data in transit is protected with TLS 1.2+ (including modern TLS configurations on CloudFront and API Gateway). Data at rest is encrypted using AWS-managed encryption (SSE-KMS or equivalent).
- Access Controls: Least-privilege IAM roles, MFA on all internal accounts, and role-based access for users.
- Authentication: Cognito for secure login with JWT tokens and short-lived sessions.
- Integrations: OAuth for Zoom/Teams/Jira/GitHub/Slack; we never store long-term credentials.
- AI Model Safety: Claude models run via Bedrock (AWS-managed), with prompt filtering and output guardrails to prevent harmful content.
- Audit & Monitoring: All API calls and agent actions are logged. CloudWatch alarms detect anomalies. Regular dependency and workflow checks.
- Data Handling: Meeting transcripts and user content are processed ephemerally when possible. No training on user data without explicit consent.
Beta Security Notes
CivIQ and LogIQ are in beta/pre-beta. While we apply enterprise-grade controls, beta software may contain undiscovered issues. We encourage responsible disclosure — report security concerns to security@primiq.ai.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly to security@primiq.ai. We do not engage in legal action against good-faith researchers who follow responsible disclosure guidelines.
Compliance
We are working toward SOC 2 Type 1 (target: 2026) and follow best practices aligned with GDPR/CCPA principles, even though we are not yet formally certified.
- NIST SP 800-53: Architecture and operational controls are mapped to relevant control families as we mature our security program.
- SOC 2 domains: Focus on Security, Availability, and Confidentiality control objectives for the platform.
- ISO/IEC 27001: Security posture is aligned to an ISMS-style approach (policies, risk management, access control, change management).
- CJIS: For law-enforcement use cases, CJIS-aligned deployments require dedicated hosting and configuration.
- FedRAMP: We can provide a readiness narrative and control mapping for federal positioning on request.
Contact
Security questions or concerns? Email: security@primiq.ai
General privacy questions: info@primiq.ai