Security Policy

VerseIQ processes live sales conversation data. We take that responsibility seriously. This page summarises the controls we have in place to protect customer data and platform integrity.

Data protection

• All data in transit is encrypted using TLS 1.2 or higher
• Sensitive data at rest is stored using encrypted storage
• We process only the data required to deliver platform functionality
• Data is deleted or anonymised when no longer needed

Access control

• Access to systems and customer data is granted on a least-privilege basis
• Multi-factor authentication is required for administrative access
• Secrets and API keys are never stored in source code
• Access is reviewed regularly and revoked when no longer required

Secure development

• All code changes are reviewed before deployment
• We use static and dynamic security testing (SAST and DAST) across the application

Lifecycle

• Dependencies are monitored for known vulnerabilities
• Production and development environments are logically separated

Monitoring and incident response

• Authentication, access, and infrastructure events are logged
• Systems are monitored for anomalous behaviour and service degradation
• Security incidents are assessed, contained, and investigated promptly
• Customers are notified where required by contract, law, or material impact

Third-party services

VerseIQ uses trusted third-party providers for infrastructure and AI processing. Vendors are selected with security diligence and granted only the access necessary to deliver their function.

Questions

If you have a security-related question or wish to report a concern, contact us at security@verseiq.com