Security across The IQ Suite
ReconcileIQ, CodeIQ, LedgerIQ, PrepIQ and IQ Books handle accounting, tax, client, statutory and financial records. The platform is built around encryption, limited access, secure integrations, reviewable audit trails, GDPR controls and HMRC-ready filing practices.
Last updated: 8 July 2026
Our Security Commitment
Encryption and Protected Storage
All information handled by the platform is encrypted in transit and at rest. We use HTTPS/TLS for transit, encrypted server storage/database disks for at-rest protection, and access controls appropriate to the data type. Some browser-first workflows also encrypt or process data locally before upload.
Minimal Data Footprint
We keep the data needed for the workflow, and no more. Simple conversion or reconciliation uploads are deleted after processing where retention is not needed. Account-backed ledgers, attachments, coding, posting, VAT, ITSA, Companies House, HMRC and audit workflows retain the records needed for review, correction, evidence and compliance.
Secure Authentication
User accounts are protected with password hashing, email verification, session controls and secure token handling. IQ Books organisations use role-based access for owners, admins, bookkeepers and viewers. Platform integrations use OAuth or platform-issued credentials where supported, and access is limited to the permissions needed for the connected workflow.
Hardened Infrastructure
The platform uses hardened cloud infrastructure, Cloudflare protection, server patching, file validation, monitoring, database access controls and restricted administrative access. Operational logs support stability, abuse detection and incident response.
GDPR and Filing Ready
Our data handling follows GDPR principles including minimisation, purpose limitation, security and accountability. HMRC-facing workflows are designed around official API requirements, including fraud-prevention headers, audit metadata and production-access expectations. Statutory accounts workflows keep review, approval, iXBRL validation and filing evidence tied to the ledger. See our Privacy Policy for details.
Payments and AI Providers
Payments, cards, online invoice payments, subscriptions and billing portal access are handled by Stripe. We do not store full card numbers. AI-assisted features, including RiQ chat or voice-command workflows, use Google Gemini via API with prompts limited to the feature context and governed by Google's applicable paid-service data processing terms.
Our Ongoing Commitment
Security is not a one-time setup; it is an ongoing process. We maintain and improve our security posture through:
- Secure development: Code review, secure-by-design decisions, dependency review and testing before release.
- Infrastructure hardening: Patch management, firewalling, Cloudflare protections, monitoring and restricted administrative access.
- Data minimisation: Browser-side processing where practical, process-and-delete handling for temporary uploads, and scoped retention for account-backed audit workflows.
- Access control: Need-to-know internal access, authentication controls, token handling and platform-specific permission scopes.
- Auditability: Review trails for ledger changes, coding, posting, reconciliation, stock, fixed assets, VAT, ITSA, statutory accounts, consent, billing and HMRC-relevant activity where those workflows require evidence.
- Transparency: Clear Privacy, GDPR, Terms and Security pages that reflect the current product.
We validate uploaded files for structure, expected formats and suspicious content, and reject files that fail validation or exceed relevant limits. We also treat AI output and automated posting as reviewable workflow steps, not unquestioned final decisions.
Reporting Security Vulnerabilities
If you believe you have discovered a security vulnerability in The IQ Suite, we encourage you to report it to us responsibly. Please email the details to:
We appreciate the efforts of security researchers in helping keep our platform safe.
Reconcile with Confidence
Work faster while keeping financial data protected, reviewable and under your control.