Security at IPSYS Analytics

Infrastructure

IPSYS Analytics is built on SOC 2 Type II certified platforms, inheriting their security controls:

IPSYS Analytics is not independently SOC2 or ISO27001 certified at this time. We are evaluating SOC2 certification as the platform scales.

Data Protection

Encryption

• Data encrypted in transit and at rest via our infrastructure providers

Tenant Isolation

• Row-Level Security enforces strict data separation at the database level
• Customer data is never shared, aggregated, or used for AI training

Payment Data

• Payment information is handled entirely by Stripe
• IPSYS Analytics does not store or process credit card or billing data

Authentication

Currently Supported:

• Email/password with strong password requirements enforced at registration
• OAuth via Google and Microsoft (Supabase Auth)

Not Currently Supported:

• SAML SSO (Okta, Azure AD, ADFS)

AI & Privacy

Our Schedule Review Intelligence uses Anthropic's Claude API for analysis. Only schedule metrics are sent to AI services—never raw files or personally identifiable information. Anthropic does not retain API data or use it for model training.

Data Privacy

Our Privacy Policy at www.ipsysanalytics.com/privacy describes our data practices and references CCPA and GDPR frameworks.

IPSYS Analytics has not undergone formal GDPR or CCPA compliance audits at this time.

Your Data, Your Control

• Delete schedule data anytime via the application
• Full data purge within 30 days of account cancellation
• Data export available upon request

Compliance Status