Enterprise-grade security, built in

ProbeIQ is designed from the ground up for sensitive research data. Encryption, compliance, and audit trails aren't add-ons — they're foundational.

HIPAA Ready

Field-level PII encryption, access controls, and audit logging for protected health information.

SOC 2 Ready

Controls mapped to SOC 2 Trust Services Criteria — security, availability, and confidentiality.

GDPR Compliant

Per-survey consent management, data deletion requests, and configurable retention policies.

CCPA Compliant

Right-to-know, right-to-delete, and right-to-opt-out workflows built into the platform.

Security at every layer

Encryption at Rest

All PII (email, phone, name, address) is encrypted using AES-256 before storage. Database-level encryption on AWS RDS.

Encryption in Transit

All API communication is encrypted with TLS 1.2+. HTTPS is enforced on all endpoints with HSTS headers.

Immutable Audit Logs

Append-only audit trail capturing every action with user, IP, timestamp, and resource details. 7-year retention for Enterprise.

Role-Based Access Control

Six workspace roles (Owner, Admin, Researcher, Analyst, Viewer, Client Viewer) with per-route enforcement.

Data Retention Policies

Configurable per-survey deletion timeframes. Automated purge with full audit trail and status tracking.

US Data Residency

All data is stored in AWS us-west-2 (Oregon). No data leaves the United States. Multi-AZ redundancy in production.

Rate Limiting & WAF

Global request throttling, CORS enforcement, and Helmet.js security headers on all API endpoints.

Consent Management

Immutable consent records with IP address, user-agent, and timestamps. Configurable consent text and decline redirects.

Need a security review?

Our team is ready to walk through our security architecture with yours.