Skip to content
Security & trust

Built to be trusted with your destination's data.

How Coniq protects destination and shopper data, independently audited to SOC 2 Type II, Cyber Essentials certified, and GDPR/CCPA/CPRA/PIPEDA-aligned. Reports, policies and current status are in our Trust Center.

Trust pillars

How we protect your data

Written for the people who sign off on a platform, CFO, IT and procurement. Plain claims, no security theatre.

Data protection & GDPR

Shopper and destination data is handled on a lawful basis with data-minimisation in mind. Designed to meet GDPR and UK GDPR obligations, with data-processing terms and support for data-subject requests.

Access control & audit

Role-based access control (RBAC) is live in our modern offer-management tool, so operators see only what their role allows, with an audit trail of who changed what, and when.

Encryption

Data is encrypted in transit with TLS, and encrypted at rest in our managed infrastructure. Secrets and keys are kept out of application code and rotated.

Reliability & uptime

The platform powers loyalty for leading destinations at scale today. We run on managed cloud infrastructure with monitoring, backups and a documented recovery approach.

Responsible AI

AI features are grounded in your own data, designed to be prompt-injection-hardened, and scoped to your tenant, your data is never used to train shared models. AI is how features work, not a black box bolted on.

Data residency & retention

Clear retention rules and the ability to export or delete data on request. We are happy to walk procurement and IT through where data lives and how long it is kept.

Compliance

Certifications & compliance

Independently audited, and aligned to the privacy laws our destinations operate under. Full reports, policies and current status live in our Trust Center.

SOC 2 Type II

CertifiedIndependently audited to SOC 2 Type II by a third-party auditor, covering security, availability and confidentiality.

Cyber Essentials

CertifiedCertified under the UK government-backed Cyber Essentials scheme.

GDPR & UK GDPR

In placeWe operate under GDPR and UK GDPR, with data-processing agreements available for review.

CCPA & CPRA

In placeAligned with California's CCPA and CPRA for US consumer privacy.

PIPEDA

In placeAligned with Canada's PIPEDA for personal-information protection.

Qualys SSL Labs A+

A+coniq.com holds an A+ rating from Qualys SSL Labs for its TLS configuration.

For procurement & IT

A straight answer to your security review.

We're used to landlord and operator due diligence. Send your security questionnaire and we'll respond with what's in place, what's in progress, and the documents to back it up.

Security posture · summaryreviewed

MFA, SSO & RBAC

Access control with audit logging

Encrypted in transit & at rest

TLS + encryption at rest, managed keys

Pen-tested & monitored

App pen testing, EDR, anti-DDoS, DLP

Independently audited (SOC 2 Type II). Full reports & policies in the Trust Center.

Bring your security questions

We'd rather answer them straight than hide behind a badge wall.