Trust Center

How AIQ protects your team and your data

AIQ helps leaders grow their team's AI IQ with measurable evidence. That work depends on trust. This page explains the controls we have in place today, what we are building next, and how to verify our service health in real time.

Last reviewed 2026-04-26

Service status

Probed every 5 minutes against the live database.

All systems operational

Last 24 hours

100.000%

26 checks, 0 down, 0 degraded

Last 7 days

100.000%

26 checks, 0 down, 0 degraded

Last 30 days

100.000%

26 checks, 0 down, 0 degraded

Last 90 days

100.000%

26 checks, 0 down, 0 degraded

Daily uptime, last 90 days (hover a bar for detail)

Last check: 2026-04-26T19:45:01.754Z, latency 415 ms

Security

  • TLS 1.2+ in transit, AES-256 at rest for all customer data.
  • Row Level Security on every customer-facing table; least-privilege service roles.
  • Authentication via Supabase Auth with bcrypt password hashing and optional Google SSO.
  • Email verification required before account activation.
  • Admin actions are written to an immutable activity log.
  • Secrets stored in managed secret storage, never committed to source.
  • Daily managed backups of the application database with point-in-time recovery.
  • Annual third-party penetration test planned; results summary available on request.

Privacy

We collect only the data needed to deliver AIQ: identity (name, work email, role, department), learning activity (quiz attempts, coaching notes, ladder progress), and product telemetry. Customers own their data and can export or delete it on request.

  • Customer admins control roles, access, and offboarding.
  • Personal data is segregated per organization tenant.
  • Data subject requests (access, deletion, correction) honored within 30 days.
  • Cookies limited to authentication and essential preferences.

Contact privacy@growaiq.app for data subject requests.

Compliance

AIQ aligns its controls with widely recognized frameworks. Some certifications are in progress; we publish status here so customers can plan procurement reviews accurately.

GDPR

Aligned

EU data subject rights, DPA available on request.

Nigeria NDPR

Aligned

Local data protection rights honored for Nigerian users.

SOC 2 Type I

In progress

Targeted readiness assessment underway.

SOC 2 Type II

Planned

Follows successful Type I observation period.

ISO 27001

Planned

On the roadmap after SOC 2 Type II.

ISO 42001 (AI)

Planned

Aligned with NIST AI RMF in the interim.

AI training policy

Customer data is never used to train foundation models.

  • Inference only: we send prompts to model providers solely to return a response to your users.
  • Providers are configured with zero data retention where supported by the upstream API.
  • No customer prompt or response is added to training corpora by AIQ.
  • Human-in-the-loop required for any AI output that affects a person's record (grading, coaching plans, roadmap decisions).
  • Models in use are disclosed in product and may change for quality or cost; we will list the active set on request.
  • Bias and quality reviews are part of every prompt or rubric change.

Subprocessors

We use the following providers to deliver AIQ. Material changes are announced in advance to customer admins.

ProviderPurposeRegion
Lovable Cloud (Supabase)Application database, authentication, file storageEU / US
Lovable AI GatewayLLM inference for grading, coaching, and roadmap draftsMulti region
CloudflareEdge delivery, DDoS protection, TLS terminationGlobal
ResendTransactional email deliveryEU / US

Data residency and retention

Application data is stored in the Lovable Cloud region selected for your tenant. Backups are encrypted and retained for 30 days. On verified deletion request, customer data is purged from primary stores within 30 days and from backups within 90 days.