Nextyn IQ
Security & Compliance

Research that's defensible. Data that's protected.

Nextyn IQ is built for regulated workflows. Every claim is sourced, every expert anonymised, every access event logged.

Compliance & security posture

SOC 2 Type II

Audit in progress, applied

GDPR

Readiness in progress · DPA available

PDPA (Singapore)

Personal Data Protection Act aligned

Encryption

AES-256 at rest · TLS 1.3 in transit

How we anonymize experts

Every expert identity is protected end-to-end, from call preparation to published intelligence.

01

Identifier Substitution

Real names are replaced with structured codes (EXP-001, EXP-002…) before any transcript leaves the recording layer. Human reviewers see codes, not names.

02

Title Genericisation

Job titles are generalised to seniority + function descriptors: 'Former VP, Asia Logistics' not 'Former VP Operations at [Company]'. Identifiable role combinations are reviewed by our compliance team.

03

Sector Descriptors

Sector references use tier-1 generic categories: 'Southeast Asian grocery logistics', not a named operator. Case studies and published intelligence never include specific company names or deal identifiers.

04

Enforcement Layer

Our AI review layer flags 94% of potential re-identification vectors before human review. Anything above a 0.4 risk score is escalated to our compliance team before the call is released to analysts.

Role-based access control

Three roles (Owner, Editor, Viewer) with granular permissions per action.

Role permissions
| Action | Owner | Editor | Viewer |
|---|---|---|---|
| View projects and claims | ✓ | ✓ | ✓ |
| Add expert calls | ✓ | ✓ | ✗ |
| Edit thesis and annotations | ✓ | ✓ | ✗ |
| Export claim ledgers / reports | ✓ | ✓ | ✗ |
| Manage project members | ✓ | ✗ | ✗ |
| Delete calls or projects | ✓ | ✗ | ✗ |
| Access API keys | ✓ | ✗ | ✗ |

Complete audit trail

What we log

  • Every expert call ingestion (timestamp, analyst, project, call duration)
  • Every claim extraction and annotation event
  • Every export and PDF generation
  • Every login, permission change, and project access
  • Every API call including batch transcript uploads

Retention & access

  • Audit logs retained for 7 years
  • Exportable as CSV or via API (Owner role only)
  • Real-time log streaming available on larger-team plans
  • SIEM integration available (Splunk, Datadog, Elastic)

Incident response SLAs

We follow a three-phase response protocol for security incidents.

< 1 hour

Detection & triage

< 4 hours

Containment

< 24 hours

Customer notification

Regulatory notification: < 72 hours per GDPR Art. 33

Responsible disclosure

We maintain a responsible disclosure programme for security researchers. If you discover a potential vulnerability, email security@nextyn.com with a description, reproduction steps, and your contact details. We respond to all valid reports within 5 business days and coordinate a disclosure timeline with the reporter. We do not pursue legal action against good-faith researchers following responsible disclosure guidelines.

Request compliance documentation

We provide compliance documentation to qualified enquirers for due diligence and vendor assessment.

Security FAQ
