Trust & Security

How Your Data Is Secured

CardIQ is designed to protect company and employee data through secure access controls, company-level data isolation, protected uploads, hashed API keys, audit logging, and continuous security improvement.

CardIQ data security visual
Layered approach

Practical protection for company and employee data

CardIQ combines technical and administrative controls to reduce risk, support accountability, and keep companies in control of employee digital identities.

Company Data Isolation Each company’s data is separated and access is scoped by company, helping ensure users only access the data they are authorized to manage.
Secure Login & Access Control CardIQ uses authenticated sessions, role-based access, CSRF protection, and login rate limiting to reduce unauthorized access risk.
Protected Uploads Uploaded files such as logos and images are validated and protected to reduce unsafe file execution risks.
API Security API keys are stored as hashes instead of plain secrets, and API access is controlled by company and subscription plan.
Identity Protection Employee QR profiles, vCards, and digital identities can be deactivated when an employee leaves, helping prevent misuse of company identity.
Audit & Monitoring Important actions are logged to support accountability, investigation, and operational review.
Continuous Security Review CardIQ uses AI-assisted security review together with manual validation to identify and address potential security gaps as part of continuous improvement.

Security is a continuous process at CardIQ

Security is a continuous process at CardIQ. We keep reviewing, improving, and hardening the platform before and after customer rollout.