Legal · Blue-IQ
Security
Last updated 1 June 2026
Security is engineered into Blue-IQ at every layer. This page summarises our controls; a detailed overview is available to customers on request.
Authentication
Sign-in uses the Secure Remote Password protocol via Amazon Cognito, so passwords never traverse the network. Every API request is gated by a verified JSON Web Token; MFA can be enforced per tenant.
Encryption
All traffic is encrypted in transit with TLS 1.3. Files, database records, and search indices are encrypted at rest with AES-256.
Tenant isolation
Each customer's data is partitioned by tenant, and every request re-checks that the record's tenant matches the caller's verified token — so one customer can never read another's data.
Compliance
Blue-IQ is aligned to SOC 2, GDPR, and HIPAA controls, plus WCAG 2.1 AA and ADA accessibility standards. Current reports are available under NDA.
Reporting an issue
Found a vulnerability? Please disclose it responsibly to security@blue-iq.ai.
This page is a plain-language summary and not a substitute for the executed agreement. For the binding document, contact our team.