Trust & Security

Last updated · 19 June 2026

This page is maintained by HELPMARKET IP PTY LTD to answer common security, privacy, and compliance questions about IQ Pitch. It describes current, app-visible controls. It is not an independent audit or certification.

Platform & hosting

  • Hosted on managed cloud infrastructure with reputable Tier-1 providers.
  • Database: managed Postgres with row-level security enabled on user-data tables.
  • All traffic served over HTTPS (TLS 1.2 or higher).
  • File storage encrypted at rest using provider-managed keys.

Access control

  • Email/password and Google sign-in supported. Passwords are hashed by our identity provider; we never see plaintext passwords.
  • Leaked-password protection is available and enforced on sign-up.
  • Role-based access internally — admin tooling is gated by a dedicated admin role, which is not stored on user profiles.
  • Database access scoped by row-level security policies; users can only read and modify their own decks and analyses.

How we handle your decks

  • We do not train AI models on your decks. Decks are sent to LLM providers (e.g. OpenAI) only to generate your analysis, under API agreements that exclude customer content from model training.
  • Decks are stored in a private, non-public storage bucket and accessed via short-lived signed URLs.
  • Decks are never made public unless you explicitly generate a share link.
  • You can delete decks and your account at any time; deletion propagates to derived analyses within 30 days.

Payments

  • Payments processed by Stripe. Card details never touch our servers.
  • Stripe is PCI-DSS Level 1 certified; we rely on their certified infrastructure for cardholder data handling.

Subprocessors

  • Cloud hosting & database — managed cloud infrastructure provider.
  • OpenAI — large language model API for deck analysis.
  • Stripe Payments Australia Pty Ltd — subscription billing and payment processing.
  • Transactional email provider — receipts, password resets, analysis notifications.

Operational security

  • Application code is reviewed before deployment.
  • Automated dependency scanning for known vulnerabilities.
  • Production secrets stored in a managed secrets vault, not in source control.
  • Production database access is restricted to a small number of authorised maintainers.

Incident response

If we become aware of a data breach likely to result in serious harm, we will investigate promptly, notify affected users, and notify the Office of the Australian Information Commissioner (OAIC) where required by the Notifiable Data Breaches scheme.

Compliance posture

We operate under Australian privacy law (Privacy Act 1988 (Cth), Australian Privacy Principles). We are not currently SOC 2, ISO 27001, or HIPAA certified. Enterprise customers requiring a security questionnaire or DPA can contact us below.

Reporting a security issue

If you believe you've found a security vulnerability, please email admin@iqpitch.com with details and steps to reproduce. Please do not publicly disclose the issue until we've had a reasonable opportunity to address it.

Contact

HELPMARKET IP PTY LTD · ABN 64 630 510 959 · Australia
admin@iqpitch.com