Last updated: April 10, 2026
Our security philosophy
Security at IAM360 is not a checklist — it's a design principle. From the way we store feedback to the way we generate reports, every layer of the platform is built to protect employee data and organizational trust.
IAM360 is designed for insight without exposure. Admins see patterns — never individuals.
Data encryption
- All data is encrypted in transit using TLS 1.2+
- Data at rest is encrypted using AES-256
- Passwords are hashed and never stored in plain text
- API communications are secured with token-based authentication
Anonymity architecture
Anonymous feedback submissions are processed without identity attachment at every stage of the pipeline — from submission to storage to reporting. Identity is not attached as a field that can be "turned on" — it is architecturally excluded from anonymous submissions.
Access controls
- Role-based access — admins only see what their role permits
- Organization data is strictly isolated — no cross-organization data access
- All admin actions are logged for audit purposes
- Session management with automatic timeout
Infrastructure
- Hosted on secure cloud infrastructure
- Regular automated backups
- Uptime monitoring and incident alerting
- Regular security reviews and dependency updates
Privacy thresholds
IAM360 enforces configurable minimum group thresholds in all reporting. No data from groups below the minimum is ever surfaced in dashboards or exports. This protects employees in smaller teams or departments.
Reporting a security issue
If you discover a security vulnerability, please report it responsibly to info@iam360.app. We take all reports seriously and will respond promptly.