Built for industries where compliance isn't optional

How ComplianceIQ protects your data, your documents, and your organisation.

Your data stays where you need it.

  • Default AI processing via Anthropic Claude API: API-only, your data is never used for model training
  • Bring Your Own AI (BYOAI): connect your own cloud AI provider for complete data sovereignty
  • UK-hosted infrastructure option: data never leaves the UK
  • Customer AI credentials encrypted at rest
  • IAM role assumption for enterprise setups: no shared credentials

Every organisation's data is completely isolated.

  • Row-Level Security enforced at the database level on every table containing user or organisation data
  • Every query scoped to the requesting user's organisation, enforced by the database, not just the application
  • No cross-tenant data leakage by design: isolation cannot be bypassed at the application layer
  • Separate processing pipelines per organisation

The right people see the right things.

  • Role-based access control: admin, member, viewer
  • Team invites with role assignment
  • Plan-based user limits
  • Session management with secure token handling

Every action recorded. Every question traceable.

  • Full audit log of every user action, timestamped with user, IP and action details
  • Every AI interaction logged with the prompt version used
  • Conversation history preserved and searchable
  • Document version history with AI-generated change notes
  • Compliance evidence that satisfies regulatory inspection requirements

Every file scanned before it enters the platform.

  • Virus and malware scanning on every uploaded file
  • File type validation with magic byte verification
  • Size limits enforced per upload
  • Rate limiting across all endpoints

AI that stays in its lane.

  • Prompt injection prevention built into every AI interaction
  • System prompts engineered by compliance professionals, not generic templates
  • AI responses grounded in legislation and your documents, not hallucinated
  • Quality loop on generated documents: AI audits its own output before you see it
  • Missing content detection: logs queries the AI couldn't confidently answer

GDPR compliant by design.

  • Data Processing Agreement (DPA) available (view DPA)
  • Sub-processors disclosed
  • Privacy Policy (view policy)
  • Cookie Policy with granular consent (view policy)
  • Full account and data deletion on request
  • Data export available on request

Enterprise-grade, from the ground up.

  • Hosted on Vercel with automatic failover
  • PostgreSQL database with automated backups
  • AI request queue with automatic retry
  • Security headers: CSP, HSTS with preload, X-Frame-Options
  • Dependency monitoring with automated security updates

Have security questions? Let's talk.