ioZen Security and Privacy
ioZen is designed for teams handling sensitive information. Privacy controls are built into the product, not bolted on after the fact.
Multi-Tenant Isolation
Every workspace is completely isolated. Row Level Security (RLS) is enforced on all database tables, so one workspace can never see another’s data. This isn’t optional or configurable. It’s how every query runs.
Workspaces have three roles:
| Role | Can do |
|---|---|
| Owner | Everything. Billing, API keys, member management, danger zone. |
| Admin | Everything except billing and ownership transfer. |
| Member | Use FlowApps, view submissions, manage contacts. Cannot change settings. |
Roles apply at the workspace level. All plans include role-based access.
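How workspace isolation and the role split above can be expressed as PostgreSQL RLS policies, as an added example that is not ioZen's own schema or code. The table names, the `my_role` helper and the `app.user_id` session setting are assumptions.

```sql
-- Hypothetical schema (not ioZen's). The caller's user id is assumed to be
-- in the session setting app.user_id, set by the application per request.
CREATE TABLE workspace_members (
  workspace_id uuid NOT NULL,
  user_id      uuid NOT NULL,
  role         text NOT NULL CHECK (role IN ('owner', 'admin', 'member')),
  PRIMARY KEY (workspace_id, user_id)
);
CREATE TABLE submissions (
  id           uuid PRIMARY KEY DEFAULT gen_random_uuid(),
  workspace_id uuid NOT NULL,
  payload      jsonb NOT NULL
);
CREATE TABLE workspace_settings (
  workspace_id uuid PRIMARY KEY,
  settings     jsonb NOT NULL DEFAULT '{}'::jsonb
);

-- Caller's role in workspace ws, or NULL when the caller is not a member.
-- SECURITY DEFINER: the lookup runs with the function owner's rights.
CREATE FUNCTION my_role(ws uuid) RETURNS text
LANGUAGE sql STABLE SECURITY DEFINER SET search_path = public AS $$
  SELECT role FROM workspace_members
  WHERE workspace_id = ws
    AND user_id = NULLIF(current_setting('app.user_id', true), '')::uuid
$$;

-- ENABLE turns policies on; FORCE applies them to the table owner as well.
-- With RLS on, any command that has no matching policy is denied.
ALTER TABLE submissions        ENABLE ROW LEVEL SECURITY;
ALTER TABLE submissions        FORCE  ROW LEVEL SECURITY;
ALTER TABLE workspace_settings ENABLE ROW LEVEL SECURITY;
ALTER TABLE workspace_settings FORCE  ROW LEVEL SECURITY;

-- Isolation: a row is visible only to members of the row's workspace.
CREATE POLICY submissions_read ON submissions FOR SELECT
  USING (my_role(workspace_id) IS NOT NULL);

-- Every role in the workspace may read its settings.
CREATE POLICY settings_read ON workspace_settings FOR SELECT
  USING (my_role(workspace_id) IS NOT NULL);

-- Only owners and admins may change settings. WITH CHECK re-tests the row
-- after the update, so it cannot be moved into a workspace where the
-- caller is not an owner or admin.
CREATE POLICY settings_write ON workspace_settings FOR UPDATE
  USING      (my_role(workspace_id) IN ('owner', 'admin'))
  WITH CHECK (my_role(workspace_id) IN ('owner', 'admin'));
```

Superusers and roles with `BYPASSRLS` skip these policies, so isolation should be tested while connected as the ordinary application role.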
Private Fields
Mark any IntakeBot field as private to keep its data out of AI processing:
- AI Field Intelligence will not see or use the value
- AI Content Generation will not receive it as context
- Template variables resolve to [Private] instead of the actual value
- The data is stored separately with restricted access
Use private fields for SSNs, medical info, financial data, or anything that shouldn’t touch an AI model.
Available on the Business plan.
Encrypted Fields
For the highest sensitivity data, encrypted fields use Supabase Vault for at-rest encryption:
- Values are encrypted before storage
- Only decrypted when explicitly accessed by authorized users
- Provides an additional layer beyond standard database encryption
Use encrypted fields for data subject to regulatory requirements (HIPAA, GDPR Article 32).
Available on the Business plan.
Data Retention
How long data is kept depends on your plan:
| Plan | Retention |
|---|---|
| Free | 90 days |
| Pro | 365 days |
| Business | Unlimited |
After the retention period, submission data is permanently deleted.
Infrastructure
- Encryption in transit: TLS 1.3 for all connections
- Encryption at rest: AES-256 for stored data
- Infrastructure: Built on SOC 2 Type II certified providers
- Compliance: Working toward GDPR, CCPA, and HIPAA compliance
See our Security page for current compliance status, and our Privacy Policy for how data is handled.
AI and Your Data
ioZen uses AI for field intelligence, content generation, and document extraction. Here’s what to know:
- Your data is never used to train AI models
- You control which fields use AI on a per-field basis
- Private fields are excluded from all AI processing
- AI providers process data but do not retain it
See our Privacy Policy for full details on AI data handling.
Next steps
- IntakeBots for configuring private and encrypted fields
- Developer Tools for API key security and scoped permissions