Legal · Blue-IQ

Security

Last updated 1 June 2026

Security is engineered into Blue-IQ at every layer. This page summarises our controls; a detailed overview is available to customers on request.

Authentication

Sign-in uses the Secure Remote Password protocol via Amazon Cognito, so passwords never traverse the network. Every API request is gated by a verified JSON Web Token; MFA can be enforced per tenant.

Encryption

All traffic is encrypted in transit with TLS 1.3. Files, database records, and search indices are encrypted at rest with AES-256.

Tenant isolation

Each customer's data is partitioned by tenant, and every request re-checks that the record's tenant matches the caller's verified token — so one customer can never read another's data.

Compliance

Blue-IQ is aligned to SOC 2, GDPR, and HIPAA controls, plus WCAG 2.1 AA and ADA accessibility standards. Current reports are available under NDA.

Reporting an issue

Found a vulnerability? Please disclose it responsibly to security@blue-iq.ai.

This page is a plain-language summary and not a substitute for the executed agreement. For the binding document, contact our team.