Skip to content

Trust

Security at SimplifiedIQ

This page is maintained by SimplifiedIQ to answer common security questions about the Capability Verification™ platform. It describes controls that are currently enabled in the Service. It is not a third-party certification; for compliance attestations, contact us at the address below.

Last updated June 20, 2026

Encryption

TLS 1.2+ for data in transit; AES-256 for data at rest at our cloud providers.

Access control

Role-based access, least-privilege defaults, and SSO/SAML available for enterprise workspaces.

Infrastructure

Hosted on reputable cloud providers in hardened, isolated environments with infrastructure-as-code.

Monitoring

Centralized logging, anomaly detection, and 24/7 alerting on security-relevant events.

Audit-ready records

Capability Records include cryptographic hashes so evidence can be independently verified.

Secure SDLC

Code review, automated dependency scanning, and pre-deploy security checks on every change.

Shared responsibility

SimplifiedIQ secures the platform; Customers are responsible for managing their users, configuring verification controls appropriately for their assignments, and ensuring the lawful basis for processing employee or contractor information uploaded to the Service.

Data handling

  • Customer Content is logically separated by workspace.
  • Production access is restricted to a small number of authorized engineers and is audit-logged.
  • Backups are encrypted and retained on a rolling schedule designed to support recovery without retaining data longer than needed.
  • Customer Content is deleted on a defined schedule following termination, subject to legal retention requirements.

Verification integrity

Capability Records include a cryptographic hash linking the person, training source, assessment items, verification controls, score, and timestamp. The hash allows recipients to confirm a record has not been altered after issuance.

Sub-processors

We use a limited set of sub-processors for hosting, email delivery, analytics, and AI infrastructure. A current list is available on request to support@simplifiediq.com.

Incident response

We maintain an incident-response plan covering detection, containment, eradication, recovery, and Customer notification. If we confirm a security incident affecting Customer data, we will notify affected Customers without undue delay and provide the information needed to meet their own obligations.

Responsible disclosure

If you believe you've found a security issue, please report it to support@simplifiediq.com. We appreciate good-faith research and will work with you on coordinated disclosure. Please do not access or modify data that does not belong to you, and avoid testing that could degrade the Service.

Contact

Security questions, due-diligence requests, or documentation: support@simplifiediq.com.