aiAxonIQ
Get Started
Home/Security
Security

Security at aiAxonIQ

Your observability data is critical infrastructure. We protect it with security that is built into the platform itself — tenant isolation, hardened credentials, and access controls you can verify.

Security Practices

Security is designed into the architecture, not bolted on. Here is what the platform actually does to protect your data.

Tenant Isolation

Tenant identity is stamped on every record at the ingest layer — never trusted from the client — and enforced on every query.

RBAC + Audit Log

Owner, admin, editor, and viewer roles with team invites. Account and configuration changes land in an immutable audit log.

Hardened Credentials

API keys are bcrypt-hashed — never stored in plaintext. Dashboard sessions use JWT auth with HttpOnly cookies.

GDPR Data Processing

We process personal data as a processor under GDPR. A DPA with Standard Contractual Clauses is available.

Defense in Depth

Multiple layers of protection across ingest, storage, and query — every layer assumes the others can fail.

Encryption & Credentials

  • ✓TLS encryption for all data in transit, terminated at the edge
  • ✓Encryption at rest via the underlying storage infrastructure
  • ✓API keys bcrypt-hashed — never stored or logged in plaintext
  • ✓JWT authentication delivered via HttpOnly cookies

Access Controls

  • ✓Role-based access control: owner, admin, editor, viewer
  • ✓Team invites with role-scoped permissions
  • ✓Immutable audit log of account and configuration changes
  • ✓SSO / SAML available on Enterprise plans

Platform Hardening

  • ✓Per-tenant rate limiting at the ingest layer
  • ✓Parameterized queries throughout the data layer
  • ✓PII redaction in application logs
  • ✓Kafka-backed pipeline with dead-letter queues — failed events are captured, not silently dropped

Tenant Isolation

  • ✓Tenant identity injected at the ingest layer — never trusted from the SDK
  • ✓Tenant-scoped API keys — no cross-tenant access possible
  • ✓Every query is filtered by tenant at the storage layer
  • ✓Self-host option: run the entire platform in your own infrastructure with Docker Compose or Kubernetes

Responsible Disclosure

If you discover a security vulnerability in aiAxonIQ, we appreciate your help in disclosing it responsibly. Please email security@aiaxoniq.com with details. We commit to:

  • ✓Acknowledge receipt within 24 hours
  • ✓Provide an initial assessment within 72 hours
  • ✓Keep you informed of remediation progress
  • ✓Credit you in our security advisories (with your permission)
  • ✓Not pursue legal action against good-faith security researchers

For non-security inquiries, contact hello@aiaxoniq.com.