Legal & Security

Security & Trust

How we protect your operational data at scale.

At OpsScaleIQ, security is not an afterthought — it is the foundation of our platform. We process sensitive operational and customer review data for franchise operators, and we are built from the ground up on Google Cloud Platform with defence-in-depth controls.

Data Encryption

All data is encrypted in transit using TLS 1.2+. Data at rest is encrypted using AES-256 within Google Cloud SQL. Database automated backups are encrypted and point-in-time recoverable. EU customer data is stored in EU Cloud SQL regions from day one.

Compliance & Certifications

We adhere to strict internal security policies aligned with GDPR and CCPA requirements. EU organisations are provisioned on Cloud SQL EU regions. Reviewer names are anonymizable on request. Every write action is captured in an immutable audit log with Clerk user ID and timestamp.

Access Control & Authentication

Authentication is powered by Clerk. Enterprise customers can enable SAML/SSO with Okta, Azure AD, Google Workspace, or Ping Identity — no custom code required. All roles (Owner, Store Manager, Regional Manager, Corporate Auditor) are enforced at the API level, not just the UI layer.

Vulnerability Management

Automated scanning runs across our GCP Cloud Run and Cloud SQL infrastructure on every deployment. Vertex AI API calls are rate-limited and proxied server-side — no API keys are exposed to the browser. Cloudflare Turnstile protects public-facing forms against bot abuse.

Infrastructure Summary

  • Compute: Google Cloud Run (serverless, auto-scaling, no persistent VMs to patch)
  • Database: Cloud SQL for PostgreSQL with automated backups and point-in-time recovery
  • AI: Vertex AI (enterprise LLMs on Google Cloud) — all AI calls are server-side, proxied through Cloud Run; no model API keys exposed to the browser
  • Auth: Clerk with MFA, passwordless magic links, and Enterprise SSO/SAML
  • Billing: Stripe — no credit card data ever touches OpsScaleIQ servers
  • File storage: Google Cloud Storage with 90-day archive policy and 1-year deletion lifecycle for photo proofs

Report a security vulnerability or request a security review:

[email protected]