
Security Policy

Our approach to protecting your data, securing our infrastructure, and maintaining the integrity of our AI systems.

Last Updated: March 21, 2026
Effective: March 21, 2026

1. Our Security Commitment

At Cortiqa, security is foundational to everything we build. We implement defense-in-depth strategies across our entire technology stack—from physical data center security to application-layer encryption—to ensure your data and intellectual property remain protected.

This Security Policy describes the technical and organizational measures we employ to safeguard our systems, our users, and the data entrusted to us.

2. Data Encryption

All data processed by Cortiqa is protected using industry-standard encryption technologies.

Encryption at Rest

AES-256

All stored data is encrypted using AES-256 encryption, ensuring that data remains protected even if physical storage media is compromised.

Encryption in Transit

TLS 1.2+

All data transmitted between your devices and our servers is encrypted using TLS 1.2 or higher, protecting against interception and tampering.

Key Management

HSM-backed

Encryption keys are managed using hardware security modules (HSMs) with strict access controls and regular rotation schedules.

End-to-End Encryption

Where applicable

For sensitive communications and data processing, we implement end-to-end encryption to ensure only authorized parties can access content.

3. Infrastructure Security

Our infrastructure is hosted on globally distributed, tier-1 data centers with comprehensive physical and network security controls.

Cloud Infrastructure

We leverage industry-leading cloud providers with SOC 2 Type II, ISO 27001, and other relevant certifications.

Network Security

Our networks are protected by firewalls, intrusion detection systems (IDS), and web application firewalls (WAF) to prevent unauthorized access.

Network Segmentation

Production environments are isolated from development and testing environments through strict network segmentation.

DDoS Protection

We employ multiple layers of DDoS mitigation to ensure service availability during volumetric attacks.

Automated Patching

Security patches are applied systematically across our infrastructure, with critical vulnerabilities addressed within 24–48 hours.

Redundancy & Failover

Our systems are designed with high availability, featuring automated failover and geographically distributed backups.

4. Access Control

We implement strict access controls to ensure that only authorized personnel can access sensitive systems and data.

Zero Trust Architecture

We operate on a zero-trust model where no user or system is trusted by default, regardless of location.

Multi-Factor Authentication

MFA is enforced for all employees accessing production systems and administrative interfaces.

Principle of Least Privilege

Access rights are granted based on job function and reviewed regularly to ensure appropriateness.

Identity & Access Management

Centralized IAM systems manage user identities, access policies, and authentication across all services.

5. Monitoring and Incident Response

We continuously monitor our systems for security threats and maintain robust incident response capabilities.

  • 24/7 security monitoring with automated alerting for suspicious activities.
  • Comprehensive logging of system events, access attempts, and administrative actions.
  • Security Information and Event Management (SIEM) for centralized log analysis and threat detection.
  • Documented incident response procedures with defined escalation paths.
  • Regular incident response drills and tabletop exercises.
  • Post-incident reviews and continuous improvement of security controls.

6. Compliance and Certifications

Cortiqa and our infrastructure partners maintain compliance with industry standards and regulations.

Standard / Certification    Status
SOC 2 Type II               Compliant (via infrastructure partners)
ISO 27001                   Compliant (via infrastructure partners)
GDPR                        Compliant
CCPA                        Compliant
HIPAA                       Available for Enterprise (BAA required)

7. Vulnerability Disclosure Program

We value the security research community and operate a responsible disclosure program. If you discover a security vulnerability in our systems, we encourage you to report it to us privately.

Reporting Guidelines

  • Provide a detailed description of the vulnerability, including steps to reproduce.
  • Allow reasonable time for us to investigate and address the issue before public disclosure.
  • Do not access, modify, or delete data belonging to other users.
  • Do not perform denial-of-service attacks or social engineering against our employees.

Security Team

security@cortiqa.com

Response Time

Within 48 hours

8. Employee Security Practices

Our security extends to our people and processes:

  • Background checks are conducted for all employees with access to sensitive systems.
  • Security awareness training is mandatory for all employees and conducted regularly.
  • All employees sign confidentiality agreements and are bound by data protection obligations.
  • Access to production systems is reviewed quarterly and revoked immediately upon role change or termination.

Cortiqa is committed to maintaining the highest standards of security. This policy is reviewed and updated regularly to reflect changes in our practices, technology, and regulatory requirements. If you have any questions about our security practices, please contact our security team.

© 2025 Cortiqa. All rights reserved.