Built to be trusted with your destination's data.
Coniq protects shopper and destination data with access control, encryption and clear data-protection practices — and we're honest about what's in place today versus what we're working toward.
How we protect your data
Written for the people who sign off on a platform — CFO, IT and procurement. Plain claims, no security theatre.
Data protection & GDPR
Shopper and destination data is handled on a lawful basis with data-minimisation in mind. Designed to meet GDPR and UK GDPR obligations, with data-processing terms and support for data-subject requests.
Access control & audit
Role-based access control (RBAC) is live in our modern offer-management tool, so operators see only what their role allows — with an audit trail of who changed what, and when.
Encryption
Data is encrypted in transit with TLS, and encrypted at rest in our managed infrastructure. Secrets and keys are kept out of application code and rotated.
Reliability & uptime
The platform powers loyalty for leading destinations at scale today. We run on managed cloud infrastructure with monitoring, backups and a documented recovery approach.
Responsible AI
AI features are grounded in your own data, designed to be prompt-injection-hardened, and scoped to your tenant — your data is never used to train shared models. AI is how features work, not a black box bolted on.
Data residency & retention
Clear retention rules and the ability to export or delete data on request. We are happy to walk procurement and IT through where data lives and how long it is kept.
Where we stand on certifications
This is a preview, so we frame compliance honestly — what's in place today, and what we're working toward. We don't claim certifications we don't hold.
SOC 2
Working towardWe are building toward SOC 2-aligned controls — access, change management, monitoring and incident response — as we harden the modern platform.
ISO 27001
Designed to meetOur information-security practices are designed to meet ISO 27001 principles. Formal certification is on the roadmap, not yet in place.
GDPR
In placeGDPR and UK GDPR obligations are part of how we operate today, with data-processing agreements available for review.
Preview note: certification status shown here is illustrative for this preview site. We'll share current attestations, reports and our data-processing agreement under NDA during procurement.
A straight answer to your security review.
We're used to landlord and operator due diligence. Send your security questionnaire and we'll respond with what's in place, what's in progress, and the documents to back it up.
RBAC + audit trail
Live in the offer-management tool
Encryption in transit & at rest
TLS + managed key handling
Responsible AI
Grounded · tenant-scoped · not used to train shared models
Illustrative summary for preview.
Bring your security questions
We'd rather answer them straight than hide behind a badge wall.