Security

At EmissionsIQ, we understand that your procurement spend, supplier relationships, and ESG compliance data are highly sensitive. This Security Policy outlines the technical and organizational measures we implement to protect your data.

1. Data Encryption

  • In Transit: All data transmitted between your browser, ERP integrations (SAP, Coupa, Oracle, etc.), and our servers is encrypted using industry-standard TLS (Transport Layer Security) protocols.
  • At Rest: All Customer Data, including spend data, emission factors, and supplier risk scores, is encrypted at rest using AES-256 encryption within our secure cloud infrastructure.

2. Access Controls

  • Role-Based Access Control (RBAC): Access to the EmissionsIQ platform is governed by strict role-based permissions, ensuring that your users only see the data relevant to their roles (e.g., Procurement vs. Sustainability teams).
  • Internal Access: EmissionsIQ personnel access customer data strictly on a “least privilege” and “need-to-know” basis, specifically for platform support, anomaly handling, or human-review exception resolution. All staff undergo background checks and confidentiality training.

3. Infrastructure & Network Security

  • Cloud Hosting: Our platform is hosted on highly secure, enterprise-grade cloud infrastructure (e.g., AWS/Google Cloud/Azure) with built-in physical and network security.
  • Monitoring & Logging: We continuously monitor our network for suspicious activity, vulnerabilities, and unauthorized access attempts. Comprehensive audit logs are maintained for tracking data lineage and user activity.

4. AI and Data Isolation

  • Our Spend Classification AI and Anomaly Detection engines process your data securely.
  • Your proprietary spend data is strictly isolated to your tenant environment. We do not use your confidential, identifiable supplier or pricing data to train public AI models. Any machine learning improvements are based solely on aggregated and highly anonymized metadata.

5. Third-Party Integrations

We integrate with trusted third-party platforms (e.g., ERP systems, EcoVadis, CDP). Data exchanged via these APIs is authenticated using secure tokens (OAuth 2.0 or similar) to ensure the secure and seamless transfer of spend and ESG signals.

6. Incident Response

In the highly unlikely event of a data breach, EmissionsIQ maintains a rigorous Incident Response Plan. We will notify affected customers without undue delay and, where required, notify the Office of the Australian Information Commissioner (OAIC) in compliance with the Notifiable Data Breaches (NDB) scheme under the Privacy Act.

7. Security Inquiries

If you discover a security vulnerability or have questions regarding our security architecture or compliance readiness, please contact our security team at mohit@procuraiq.com.
