General overview of technical security controls
Updated over a month ago

Logical Access Control

The logical access control procedures we have in place are designed to prevent or mitigate the threats of unauthorized application access and data loss in corporate and production environments. Employees are granted minimum (or “least privilege”) access to specified SQAI Suite instances, applications, networks, and devices, as needed. User privileges are also segregated based on functional role and environment.


Data segregation

SQAI Suite leverages a multi-tenant architecture, logically separated at the database level, based on a user’s or organization’s account. Only authenticated parties are granted access to relevant accounts.


Data backup and availability

SQAI Suite's databases are backed up regularly and these backups are periodically tested.


Security testing

SQAI Suite undergoes an external penetration test by an independent third party on an annual cadence, at minimum.


Encryption

SQAI Suite maintains a cryptographic standard that meets industry standards. This standard is periodically reviewed, and selected technologies and ciphers may be updated following the assessed risk and market acceptance of new standards.


Monitoring and alerting

We take advantage of Amazon Web Services (AWS) APIs, tools, and security features to monitor the integrity of our deployed cloud resources and log access to our cloud environments. We strive to provide least-privilege access to our team and use Infrastructure-as-Code.


Physical security

SQAI Suite's applications and customer assets are housed in the AWS cloud. Staging or testing environments contain no actual customer data.

Our office location is part of an ISO-certified incubator group called Gumption.

Corporate security

SQAI Suite's internal security controls include, but are not limited to, the following tools and practices:

  • Enforcement of SSO and 2FA, where possible, to gate access to important services.

  • Regular reviews of access to important services, such as our source code repository.

  • Use of an MDM to manage our corporate laptops.

  • Patch management for laptops and core apps.

  • An Information Security Policy to be followed company-wide.
