Security

This page summarizes the security practices we apply to the priorIQ.ai website.

Hosting

The site is delivered through Microsoft Azure Static Web Apps and served over a global content delivery network. Certificates are managed automatically and renewed before expiry.

Transport security

HTTPS is enforced site-wide. We send HTTP Strict Transport Security (HSTS) with a long max-age, includeSubDomains and preload, so browsers refuse insecure connections to our domains.

Security headers

The site sends a strict set of security headers, including:

• A strict Content-Security-Policy restricting where scripts, styles and connections may originate.
• X-Content-Type-Options: nosniff to prevent MIME-type sniffing.
• X-Frame-Options: DENY to prevent framing of our pages.
• Referrer-Policy: strict-origin-when-cross-origin to minimise referrer leakage.
• Permissions-Policy restricting access to sensitive browser features.

Cookies and analytics

We use Google Analytics 4 only after the visitor explicitly consents via our cookie banner. We do not use advertising cookies. Our consent banner is implemented to ensure analytics scripts do not load until the visitor opts in.

Forms and data minimization

The forms on the site collect only the data necessary to respond to inquiries. We do not collect special categories of personal data through this site. Form submissions are routed to internal communication channels and protected with industry-standard security.

Vulnerability management and responsible disclosure

We operate a risk-based vulnerability management program aligned with our published guidance and the ISO/IEC 27001 control A.8.8.

If you believe you have found a security issue affecting priorIQ.ai, please email [email protected] with the details and the steps to reproduce. We will acknowledge promptly and work with you to remediate. We ask researchers to act in good faith, avoid privacy violations and disruption of service, and to give us reasonable time to address the issue before public disclosure.

Compliance posture

Our security program is designed to align with ISO/IEC 27001 controls relevant to a SaaS marketing site, including secure configuration, vulnerability management, access control and supplier management. Product-level certifications, where applicable, are described in the product documentation.

Sub-processors and shared responsibility

We rely on reputable sub-processors with their own security certifications and apply contractual safeguards (see our Data Processing Notice). Some aspects of security are shared with these providers (for example, hosting infrastructure security with Microsoft Azure).

Updates

We may update this page as our practices evolve. The "Last updated" date reflects the most recent revision.

Contact

For security questions or to report an issue, write to [email protected].