)
Insights iQ™ Data Security
Every client interaction runs in a certified, zero-trust environment. Encrypted at every stage, governed by the compliance standards your legal and security teams already require.
Certified to the standards that matter.
)
)
)
)
)
)
Every recording, transcript, and metadata file that flows through Insights iQ enters a closed, purpose-built environment with no sampling, no compliance shortcuts, and no exceptions. Data stays encrypted, access-controlled, and retained on terms you define by contract. If your program operates in healthcare, financial services, or any regulated industry, the infrastructure was built with those requirements in mind from Day One.
Insights iQ supports data privacy requirements for clients operating in the European Union and European Economic Area. iQor maintains operations in multiple countries and supports GDPR-aligned data handling practices for applicable programs, including data minimization, role-based access control, encryption, retention governance, and contractual data processing commitments.
How We Protect Your Data at Every Stage
Data Capture and Storage
All interaction data enters through secure, encrypted channels using TLS 1.2+ protocols and stays within iQor's AWS infrastructure alone, configured with HITRUST-certified, SOC 2-compliant controls, stringent access restrictions, and continuous audit policies. Client data is logically segregated using access controls, tenant separation, encryption, and contractual data handling requirements, and it never leaves this environment for processing or storage purposes.
Encryption in Transit and at Rest
TLS 1.2+ governs all API and system communication in transit, and AES-256 encryption covers every stored file at rest: call recordings, transcripts, and metadata without exception. There are no unencrypted windows anywhere in the data lifecycle.
PII and PCI Redaction
Our systems redact personally identifiable information from transcripts before any downstream processing takes place. PCI card data goes through automatic redaction from both audio recordings and transcribed text before analysis begins. We process only the minimum data necessary to fulfill a specific request, and retention follows the governance and regulatory requirements you define by contract.
AI and LLM Usage Safeguards
AI models process your data for intent prediction, sentiment analysis, and summarization without storing or logging any of it. iQor does not train its models on client data. All AI processing is ephemeral and stateless: the session ends and the system purges the data immediately, leaving no residual storage in any external model and no repurposing of your client interactions beyond the specific task at hand.
What Each Certification Means for Your Program
Certifications are not the same as security. They are the documentation that a third-party auditor has verified the security actually exists. Here is what each one means in the context of your program running through Insights iQ.
HITRUST CSF
The most rigorous healthcare information security framework. Most major health plans and payers require it before data sharing can begin. It covers privacy, security, and breach notification requirements under a single audited standard.
SOC 2 Type II
Verifies that iQor's security controls have been operating without interruption over a defined review period. Type II certification reflects sustained performance over time, which is what procurement and legal teams require when evaluating a vendor.
SOC 1 Type II
Governs controls over financial reporting processes. Financial services clients whose customer payment and transaction data flows through iQor's environment require this certification before a program can go live.
PCI-DSS
The payment card industry standard. It applies to any program where agents handle or process cardholder data.
ISO 27001
The international information security management standard. It covers the full information security management system, including the policies, processes, and organizational structure that govern how we make security decisions across the organization.
HIPAA
Federal compliance for protected health information. Every healthcare program running through Insights iQ falls under this coverage, governing how we access, transmit, and safeguard PHI throughout the engagement.
FAQs
What questions does your compliance team need answered before moving forward?
We work with security, legal, and data governance teams to document exactly how your data flows through the Insights iQ environment. If you need a detailed data flow review, a compliance summary, or documentation for your internal stakeholders, we can put that together.