Built to be trusted with your destination's data.
How Coniq protects destination and shopper data, independently audited to SOC 2 Type II, Cyber Essentials certified, and GDPR/CCPA/CPRA/PIPEDA-aligned. Reports, policies and current status are in our Trust Center.
How we protect your data
Written for the people who sign off on a platform, CFO, IT and procurement. Plain claims, no security theatre.
Data protection & GDPR
Shopper and destination data is handled on a lawful basis with data-minimisation in mind. Designed to meet GDPR and UK GDPR obligations, with data-processing terms and support for data-subject requests.
Access control & audit
Role-based access control (RBAC) is live in our modern offer-management tool, so operators see only what their role allows, with an audit trail of who changed what, and when.
Encryption
Data is encrypted in transit with TLS, and encrypted at rest in our managed infrastructure. Secrets and keys are kept out of application code and rotated.
Reliability & uptime
The platform powers loyalty for leading destinations at scale today. We run on managed cloud infrastructure with monitoring, backups and a documented recovery approach.
Responsible AI
AI features are grounded in your own data, designed to be prompt-injection-hardened, and scoped to your tenant, your data is never used to train shared models. AI is how features work, not a black box bolted on.
Data residency & retention
Clear retention rules and the ability to export or delete data on request. We are happy to walk procurement and IT through where data lives and how long it is kept.
Certifications & compliance
Independently audited, and aligned to the privacy laws our destinations operate under. Full reports, policies and current status live in our Trust Center.
SOC 2 Type II
CertifiedIndependently audited to SOC 2 Type II by a third-party auditor, covering security, availability and confidentiality.
Cyber Essentials
CertifiedCertified under the UK government-backed Cyber Essentials scheme.
GDPR & UK GDPR
In placeWe operate under GDPR and UK GDPR, with data-processing agreements available for review.
CCPA & CPRA
In placeAligned with California's CCPA and CPRA for US consumer privacy.
PIPEDA
In placeAligned with Canada's PIPEDA for personal-information protection.
Qualys SSL Labs A+
A+coniq.com holds an A+ rating from Qualys SSL Labs for its TLS configuration.
A straight answer to your security review.
We're used to landlord and operator due diligence. Send your security questionnaire and we'll respond with what's in place, what's in progress, and the documents to back it up.
MFA, SSO & RBAC
Access control with audit logging
Encrypted in transit & at rest
TLS + encryption at rest, managed keys
Pen-tested & monitored
App pen testing, EDR, anti-DDoS, DLP
Independently audited (SOC 2 Type II). Full reports & policies in the Trust Center.
Bring your security questions
We'd rather answer them straight than hide behind a badge wall.