Compliance

IQNexus+ is committed to enterprise-grade compliance. This page lists current alignments and planned certifications. Nothing on this page is an audit attestation; for procurement evidence email security@iqnexus.app.

Frameworks

GDPR

Aligned

Our practices align with GDPR principles: lawful basis, data minimization, user rights (access, erasure, portability), and a 30-day response SLA. We are not separately certified — GDPR has no formal certification regime for processors.

CCPA / CPRA

Aligned

California residents may exercise know/delete/opt-out rights. We do not sell personal data.

SOC 2 Type II

Planned

Audit readiness work in progress. Target window: 2027. Bridge controls in place (audit logging, access reviews, change management).

ISO 27001

Planned

Roadmap item. ISMS scoping under way alongside SOC 2 work.

HIPAA

Planned

Not currently in scope; IQNexus+ does not handle PHI today.

Data residency

Primary data stored in EU region by default.
Enterprise customers may request alternate regions (US, India) — contact us before contract.
Cross-region replication only for backups and disaster recovery.

Vendor & sub-processor security

All sub-processors reviewed annually for security posture and applicable certifications.
Current categories: cloud hosting, managed database, AI inference, payments, email delivery, error monitoring.
Full sub-processor list and DPA available on request: security@iqnexus.app.