Security & Deployment
HQDecision isn't just documented. It's designed to be auditable. For the audit that's coming.
If a decision is not cryptographically verifiable, it cannot be considered reliable.
Every module answers a question your auditor will ask.
Tenant Isolation
How is our data separated from other tenants?
- Row-Level Security and Tenant Scoping
- Strict data isolation between tenants
- Least-privilege access control
Signing & Integrity
How do we ensure decisions haven't been tampered with?
- Signature fixed at approval
- Version snapshots at approval
- Verifiable decision integrity
Audit Trail
Can we prove without gaps who decided what and when?
- Append-only event timeline
- Full traceability
- No retroactive manipulation
Identity Integration
How does the system integrate with our access control?
- Entra ID / OIDC integration
- Enterprise access control
- Single Sign-On for organizations
Deployment Options
Cloud
Isolated tenants, automatic updates, ready to deploy.
Private Cloud
Your own infrastructure, full control over data storage.
On-Premise
Complete sovereignty. Data never leaves your network.
Infrastructure & Compliance
AWS Frankfurt (eu-central-1)
ISO 27001-certified infrastructure. All data stored and processed exclusively in Germany.
Encryption
AES-256 at-rest, TLS 1.3 in-transit. Full protection of all decision data.
GDPR Compliant
Data Processing Agreement (DPA) available on request. No data shared with third parties.
SOC 2 Type II
AWS infrastructure is SOC 2 Type II certified. Documentation available on request.