[{"data":1,"prerenderedAt":4},["ShallowReactive",2],{"raw-en-security":3},"---\ntitle: Trust & Security\ndescription: How IQ:NS handles data, what we store, and how we protect it.\nlang: en\nnavigation:\n  section: platform\n  label: Security\n  order: 30\n---\n\n# Trust & Security\n\n## What we store\n\nIQ:NS operates on **metadata only**:\n\n- Framework concepts and relationships (public regulatory text)\n- Your system profiles (if using the commercial tier): names, capabilities, risk classifications\n- Your ontology extensions (if private): custom concepts and mappings\n- Evidence references (links or hashes — not the documents themselves)\n\nWe **never** store model training data, weights, inference outputs, customer data, or PII.\n\n## Where we store it\n\n- **Encryption:** AES-256 at rest, TLS 1.3 in transit\n- **Access:** Role-based controls, audit logging\n- **Backups:** Automated daily, geographically distributed\n\n## Deployment options\n\n- **Self-hosted** — download Turtle files, run your own triplestore\n- **Cloud hosted** — managed instance on AWS, encrypted\n- **Private cloud** — deployed in your VPC\n- **Air-gapped** — Available on-premises for every customer\n\n## Compliance\n\n- SOC 2 Type II audited\n- GDPR compliant — no personal data retention\n- ISO 27001 certified\n- HIPAA BAA and FedRAMP available on request\n\n## Open by default\n\nThe core ontologies are open source. You can verify every concept, every mapping, every relationship. Transparency is structural, not promised.\n\n## Report a security issue\n\n[security@iqns.org](mailto:security@iqns.org)\n\n---\n\n[Privacy policy](\u002Fprivacy) · [Terms of service](\u002Fterms)\n",1776235631427]