Security & Trust
At ApexIQ, security and trust are built into how we design, deploy, and operate our AI products and services. This page explains the safeguards we use to protect information, how we handle AI processing, and what we can provide during customer security and procurement reviews.
1. Our Security Approach
ApexIQ follows a security-by-design approach across products and delivery engagements:
Risk-based controls aligned to industry best practices
Least-privilege access and role-based permissions
Secure development practices and controlled change management
Continuous monitoring for security and reliability events
Defense-in-depth across infrastructure, applications, and access layers
2. Certifications & Quality Standards
ApexIQ is certified to internationally recognized standards:
ISO/IEC 27001
Information Security Management System (ISMS)
ISO 9001
Quality Management System (QMS)
Evidence: Certificates, scope details, and supporting documents can be shared upon request.
3. Data Protection Controls
We implement administrative, technical, and organizational safeguards designed to protect customer and business data:
A) Encryption
Data is encrypted at rest (using industry-standard algorithms) and in transit (via TLS/HTTPS)
B) Access Control
Role-based access control (RBAC) and least-privilege principles are applied
C) Isolation
Logical or physical isolation controls are used to prevent data commingling between customers
4. AI Safety and Model Usage
No Training on Customer Data
We do not use Customer Data to train or improve general-purpose AI models
Model Selection
Customers can choose from supported providers (AWS, Azure, Google, Cloudflare)
Data Minimization
We only process the specific data required for the AI task (inference)
Reliability
AI outputs are probabilistic; we recommend human-in-the-loop (HITL) for critical workflows
5. Deployment Options
To meet varying security needs, we support:
SaaS
Multi-tenant cloud with strong isolation
Dedicated Cloud
Single-tenant environments for specific customers
Private / On-Prem
Local deployments for highly sensitive workloads (where feasible)
6. Vulnerability Management & Incident Response
Scanning
Periodic vulnerability assessments of our infrastructure
Incident Response
We maintain a formal plan to detect, respond to, and recover from security incidents
Notification
We commit to timely notification of data breaches in accordance with our legal and contractual obligations
7. Business Continuity & Disaster Recovery
We maintain backup and recovery procedures to ensure service availability and data resilience in the event of infrastructure failures or disasters.
8. Subprocessors and Third Parties
We use vetted third-party providers for infrastructure, AI processing, monitoring, and communications. These providers are bound by confidentiality and security obligations.
Note: A list of key subprocessors is available upon request.
9. Customer Responsibilities (Shared Security Model)
Security is a shared responsibility. Customers are responsible for:
Managing user access and permissions within their accounts
Securing their own endpoints and networks
Controlling what data is submitted for processing
Applying appropriate human review to AI outputs
Shared Security Model: While ApexIQ implements robust security controls for our infrastructure and services, customers play a critical role in maintaining the overall security posture by following security best practices on their end.
10. Security Contact
For security-related inquiries or to request security documentation:
Security Contact
Email: contact@apexiq.ai
Subject: Security & Trust / Security Review Request
Security Documentation:
For enterprise customers undergoing security reviews, we can provide additional documentation including security questionnaires (SIG, CAIQ), penetration testing reports (summary), architecture diagrams, and compliance attestations. Please contact our security team at to request specific materials. contact@apexiq.ai