Trust & Security
How Your Data Is Secured
CardIQ is designed to protect company and employee data through secure access controls, company-level data isolation, protected uploads, hashed API keys, audit logging, and continuous security improvement.
Layered approach
Practical protection for company and employee data
CardIQ combines technical and administrative controls to reduce risk, support accountability, and keep companies in control of employee digital identities.
Company Data Isolation
Each company’s data is separated and access is scoped by company, helping ensure users only access the data they are authorized to manage.
Secure Login & Access Control
CardIQ uses authenticated sessions, role-based access, CSRF protection, and login rate limiting to reduce unauthorized access risk.
Protected Uploads
Uploaded files such as logos and images are validated and protected to reduce unsafe file execution risks.
API Security
API keys are stored as hashes instead of plain secrets, and API access is controlled by company and subscription plan.
Identity Protection
Employee QR profiles, vCards, and digital identities can be deactivated when an employee leaves, helping prevent misuse of company identity.
Audit & Monitoring
Important actions are logged to support accountability, investigation, and operational review.
Continuous Security Review
CardIQ uses AI-assisted security review together with manual validation to identify and address potential security gaps as part of continuous improvement.
Security is a continuous process at CardIQ
Security is a continuous process at CardIQ. We keep reviewing, improving, and hardening the platform before and after customer rollout.