Your commercial data, handled like it matters.
SOC 2 Type II, EU residency, read-only connectors, and a security team that answers the phone.
Audited annually by a Big 4 firm. Report available under NDA.
DPA on request. EU data residency available on Enterprise.
For wellness brands handling PHI — available on Enterprise.
Expected certified Q3 2026.
We treat customer data like the commercial secret it is.
RestockIQ holds revenue, margin, cost, and supplier data — information that, if leaked, directly harms our customers. Our entire engineering and ops program is built around that reality.
- Principle of least privilege everywhere
- Every access audit-logged
- No customer data in dev or training
- Security reviewed at every PR
What we actually do, technically.
TLS 1.2+ with modern cipher suites. HSTS preloaded.
AES-256 for all data stores and backups.
Okta, Google, Azure AD SAML. MFA enforced on all admin roles.
Role-based; customer data access requires customer approval.
POs write back only after explicit customer approval.
Point-in-time recovery up to 30 days; cross-region replicated.
15-minute SLA to detect, 1-hour SLA to triage P1 events.
All subprocessors reviewed against our security baseline.
From connect to delete.
Only what we need to forecast — orders, stock, lead times, ad spend.
US (default) or EU (Enterprise). Never leaves the chosen region.
Scoped tokens per workspace. Audit-logged. SSO-enforced.
Kept while subscription is active. Deleted within 30 days of offboarding.
Who else touches the data — and what they do.
| Provider | Purpose | Region |
|---|---|---|
| Amazon Web Services | Infrastructure + storage | US / EU |
| Snowflake | Analytical data warehouse | US / EU |
| Datadog | Observability + logs | US |
| Stripe | Billing | US |
| Linear | Internal ticketing (no customer data) | US |
| Okta | Internal identity | US |
Found something? We'll pay you for it.
Responsible disclosure program via HackerOne. Payouts from $250 (low) to $10,000 (critical). Safe harbor for all good-faith research.
Report a vulnerability
99.95% rolling 12-month.
p95 API latency under 200ms.
Live at status.restockiq.ai — auto-updated.
Policies, questionnaires, and reports in one place.
SOC 2 report, SIG-Lite, CAIQ, DPA, sub-processor list, and our security policies. Gated by a light NDA click-through.
Security, answered.
A suite of AI products for the way modern brands operate.
We build vertical AI for ecommerce teams — from demand forecasting to allocation and supplier intelligence. Opinionated UX, explainable models, and integrations that actually work on day one.
Security review blocking your evaluation?
Email security@restockiq.ai — most questionnaires back in 48 hours.