Security & Compliance

Enterprise-grade security built in at every layer. Your data stays yours.

Data Protection

Encryption at Rest

All sensitive data encrypted with AES-256-GCM. Database credentials, API keys, and PII fields are never stored in plaintext.

Encryption in Transit

TLS 1.3 enforced on all connections — API traffic, database connections, and inter-service communication.

No Data Caching

Query results are streamed to users, not persisted. Only metadata (schema shapes, query patterns) is stored.

Data Sovereignty

BYOC: all data stays within your infrastructure. SaaS: data isolated per region (US, EU, APAC).

Multi-Tenant Isolation

  • Row Level Security (RLS) — Every database query is scoped to the authenticated tenant. Cross-tenant data access is impossible at the database level.
  • Separate Connection Pools — Each tenant's database credentials are isolated. One tenant cannot query another tenant's databases.
  • API Key Scoping — API keys are tenant-bound. A key issued to Org A cannot access Org B's data.

Access Control (RBAC)

Role      Permissions
Admin     Full access: connections, users, billing, configuration
Analyst   Query, upload, view results. Cannot manage connections or users.
Viewer    Read-only dashboards and saved queries
API       Programmatic access scoped by key permissions

Query Safety

  • Read-Only Execution — NL2SQL generates SELECT statements only. INSERT, UPDATE, DELETE, DDL blocked at the engine level.
  • Query Timeouts — Configurable per connection (default 30s). Long-running queries terminated automatically.
  • Row Limits — Results capped (default 10,000 rows) to prevent accidental full-table scans.
  • SQL Injection Prevention — AI-generated SQL is validated before execution. Parameterized where applicable.
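The read-only gate and row cap described above can be enforced in a single validation step that runs before any generated SQL reaches the engine. The following Python is an added illustration written for this page, not the product's own validator; the function and exception names are assumptions, and the wrapping of the query in a `LIMIT` subquery is one way to apply the row cap regardless of what the model generated.

```python
import re

# Keywords that must never appear in a generated statement once comments and
# string literals are removed. Covers DML, DDL, privilege changes, procedure
# calls and SELECT ... INTO (which creates a table on some engines).
FORBIDDEN = {
    "INSERT", "UPDATE", "DELETE", "MERGE", "UPSERT", "REPLACE",
    "CREATE", "ALTER", "DROP", "TRUNCATE", "RENAME",
    "GRANT", "REVOKE", "EXEC", "EXECUTE", "CALL", "INTO", "COPY",
}


class UnsafeQuery(ValueError):
    """Raised when a generated statement fails the read-only policy."""


def _strip_comments(sql: str) -> str:
    # Block comments first, then line comments, so a ';' or keyword hidden
    # in a comment cannot influence the scan.
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)
    return re.sub(r"--[^\n]*", " ", sql)


def _strip_string_literals(sql: str) -> str:
    # Replace '...' literals (with '' as the escaped quote) by an empty
    # literal so that WHERE status = 'delete' is not a false positive.
    return re.sub(r"'(?:[^']|'')*'", "''", sql)


def validate_read_only(sql: str, max_rows: int = 10_000) -> str:
    """Return a guarded statement, or raise UnsafeQuery.

    Policy: exactly one statement, starting with SELECT (or a WITH ... SELECT
    CTE), containing no forbidden keyword, and capped at max_rows rows.
    """
    cleaned = _strip_comments(sql).strip()
    if not cleaned:
        raise UnsafeQuery("empty statement")
    # One trailing ';' is tolerated; any other ';' means stacked statements.
    cleaned = cleaned.rstrip(";").rstrip()
    scan = _strip_string_literals(cleaned)
    if ";" in scan:
        raise UnsafeQuery("multiple statements are not allowed")
    tokens = re.findall(r"[A-Za-z_]+", scan)
    if not tokens or tokens[0].upper() not in ("SELECT", "WITH"):
        raise UnsafeQuery("only SELECT statements are allowed")
    for tok in tokens:
        if tok.upper() in FORBIDDEN:
            raise UnsafeQuery(f"forbidden keyword: {tok.upper()}")
    # Apply the row cap from the outside so an inner LIMIT cannot exceed it.
    return f"SELECT * FROM ({cleaned}) AS nl2sql_result LIMIT {int(max_rows)}"


def is_read_only(sql: str) -> bool:
    """Convenience predicate for callers that only need a yes/no answer."""
    try:
        validate_read_only(sql)
    except UnsafeQuery:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs, not real generated queries.
    for candidate in (
        "SELECT id FROM orders WHERE status = 'delete';",
        "SELECT 1; DROP TABLE users",
        "WITH d AS (DELETE FROM t RETURNING *) SELECT * FROM d",
        "SELECT name FROM customers -- ; DROP TABLE customers",
    ):
        try:
            print("OK  ", validate_read_only(candidate))
        except UnsafeQuery as exc:
            print("DENY", candidate, "->", exc)
```

Keyword scanning is a conservative gate, not a parser: a quoted identifier such as `"update"` is rejected rather than risked. A deployment that also connects with a database role holding only `SELECT` privileges gets the same guarantee at the engine level even if the validator has a gap.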

PII Detection

Automatic PII classification during schema profiling:

  • Email addresses, phone numbers, social security numbers
  • Credit card numbers (Luhn-validated pattern match)
  • Physical addresses, dates of birth
  • Custom PII patterns configurable per organization

PII columns are flagged in the catalog. Organizations can configure masking rules or exclude PII columns from NL2SQL entirely.

Audit Trail

  • Every action logged — queries, uploads, config changes, logins, exports
  • Immutable — audit records cannot be modified or deleted
  • Timestamped with user ID — who did what, when, from where
  • Exportable — CSV/JSON export for external SIEM integration
  • Retention — configurable per organization (default: 2 years)
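One way to make the immutability property above verifiable rather than merely promised is to hash-chain each record to its predecessor, so that editing or deleting any record breaks every later hash. The Python below is an added illustration for this page, not the product's audit implementation; the record fields follow the bullets above (who, what, when, from where), while the class name, field names and the chaining scheme are assumptions.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash of the first record


def _digest(record: dict) -> str:
    """SHA-256 over the canonical JSON of every field except 'hash'."""
    body = {k: v for k, v in record.items() if k != "hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class AuditLog:
    """Append-only, hash-chained audit trail (illustrative)."""

    def __init__(self):
        self._records = []

    def append(self, user_id, action, source_ip, details=None, ts=None) -> str:
        prev = self._records[-1]["hash"] if self._records else GENESIS
        record = {
            "seq": len(self._records),
            "ts": ts or datetime.now(timezone.utc).isoformat(),
            "user_id": user_id,
            "action": action,
            "source_ip": source_ip,
            "details": details or {},
            "prev_hash": prev,
        }
        record["hash"] = _digest(record)
        self._records.append(record)
        return record["hash"]

    def verify(self):
        """Return (True, None) if the chain is intact, else (False, index)
        of the first record that was altered, removed or reordered."""
        prev = GENESIS
        for i, record in enumerate(self._records):
            if record.get("seq") != i or record.get("prev_hash") != prev:
                return False, i
            if _digest(record) != record.get("hash"):
                return False, i
            prev = record["hash"]
        return True, None

    def export_json(self) -> str:
        """Serialise the trail for an external SIEM (JSON lines)."""
        return "\n".join(json.dumps(r, sort_keys=True) for r in self._records)

    def __len__(self):
        return len(self._records)


def build_sample_log() -> AuditLog:
    """Constructed sample events with fixed timestamps."""
    log = AuditLog()
    log.append("u-17", "login", "10.0.0.5", ts="2024-05-01T08:00:00+00:00")
    log.append("u-17", "query", "10.0.0.5",
               {"connection": "warehouse", "rows": 42},
               ts="2024-05-01T08:01:10+00:00")
    log.append("u-42", "export", "10.0.1.9",
               {"format": "csv"}, ts="2024-05-01T08:05:00+00:00")
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", log.verify())
    log._records[1]["details"]["rows"] = 1        # simulate tampering
    print("after edit:", log.verify())
```

A chain like this only detects tampering; preventing it still relies on write-once storage and on keeping the latest hash somewhere the audited system cannot overwrite.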

Compliance Frameworks

SOX Readiness

Segregation of duties, change audit trail, approval workflows for financial data access.

HIPAA Compatible

BYOC deployment with encryption, access controls, and audit logging meets the HIPAA technical safeguards.

GDPR / Privacy

Data minimization, right to erasure support, PII detection and masking, EU data residency.

ISO 27001 Aligned

Information security controls mapped to ISO 27001 Annex A requirements.

Authentication Methods

  • Email + Password (with MFA)
  • Google OAuth 2.0
  • Microsoft Azure AD / Entra ID
  • OIDC (any compliant provider)
  • SAML 2.0 (Enterprise SSO)
  • API Keys (for programmatic access)

Vulnerability Management

  • Dependencies scanned weekly via automated tooling
  • Docker images rebuilt on security patch releases
  • Responsible disclosure program for security researchers
  • Security contact: [email protected]