idcom.ai

Data security

Your data, isolated and encrypted.

idcom.ai is built AWS-native. Every customer's data lives in its own isolated tenant boundary, encrypted at rest and in transit, with full audit trails — designed from day one for serious B2B analytics workloads.

Tenant isolation

Every customer has its own dedicated boundary inside our AWS account — separate S3 prefixes, IAM-scoped access, and Cognito user groups. No tenant can read another tenant's data, even by mistake.

Encryption end-to-end

TLS 1.2+ for every connection in transit. AES-256 encryption at rest on all data stores: S3 (SSE), DynamoDB (AWS-managed keys), and any future RDS instance.

Authentication

AWS Cognito user pools with optional MFA, configurable per tenant. Passwordless support roadmap. JWT-based sessions, cryptographically validated on every API call.

Audit & monitoring

CloudTrail captures every AWS API call. Application-level audit log records who did what, when, in which tenant — retained per regulatory requirements.

Backups & DR

S3 versioning + lifecycle. DynamoDB Point-In-Time Recovery on every table. Deletion protection on all stateful resources to prevent accidental data loss.

Compliance posture

GDPR principles applied platform-wide. Mexico LFPDPPP-aware. SOC 2 Type I in our roadmap. Data residency in AWS us-east-1; multi-region available on request.

How tenant isolation works

One AWS account. Strict boundaries between every tenant.

Each customer's data lives behind its own S3 prefix and IAM policies. The only way for code to access tenant data is through a JWT-validated request whose claims match that tenant.

AWS ACCOUNT Tenant A s3://idcom-data/tenant_a/ • IAM scoped • Cognito group Tenant B s3://idcom-data/tenant_b/ • IAM scoped • Cognito group Tenant C s3://idcom-data/tenant_c/ • IAM scoped • Cognito group
Tenant boundaries are enforced at the IAM, S3, and API layer — there is no shared data path between tenants.

Compliance posture

Built with compliance in mind from day one.

  • GDPR principles — data minimization, purpose limitation, and the right to be forgotten are applied platform-wide.
  • Mexico LFPDPPP awareness — ARCO rights honored; data subject requests handled within statutory windows.
  • SOC 2 Type I on our roadmap; controls are designed to map to its trust services criteria.
  • Data residency — workloads in AWS us-east-1 by default; LATAM or EU regions on request.

Responsible disclosure

Found a security issue?

We take security reports seriously. If you believe you've found a vulnerability in idcom.ai, please email us before disclosing publicly. We respond within 48 hours.

security@idcom.ai

For all other security questions, write to hello@idcom.ai.