Security, privacy, and compliance at IFO4. We practice the governance we preach.
Last updated: April 14, 2026
All Systems Operational
Ring Method, Self-Assessed, Ring Score: 85
Type II Controls Mapped
Information Security Mapped
Data Protection Implemented
Healthcare Data Ready
800-53 Controls Mapped
Government Cloud Mapped
Payment Processing via Stripe
| Data Type | Storage | Encryption | Retention | Access |
|---|---|---|---|---|
| User accounts | AlloyDB | AES-256 | Account lifetime | Auth service only |
| Exam sessions | AlloyDB + BigQuery | AES-256 | 7 years | Proctoring service |
| Ring Assessments | BigQuery | AES-256 | Indefinite (anonymized) | Research team |
| Payment data | Stripe (not stored by IFO4) | PCI DSS | Per Stripe policy | Stripe only |
| Course progress | AlloyDB | AES-256 | Account lifetime | Learning service |
| Community posts | AlloyDB | AES-256 | Account lifetime + 30 days | Community service |
| Intelligence data | BigQuery | AES-256 | Indefinite | Research team |
| Blockchain records | Ethereum | Public chain | Permanent | Public |

| Provider | Purpose | Data Processed | Location |
|---|---|---|---|
| Google Cloud Platform | Infrastructure | All platform data | us-central1 |
| Stripe | Payment processing | Payment info | US |
| Google Workspace | Email delivery | Email addresses | US |
| Ethereum (Sepolia) | Blockchain verification | Credential hashes | Decentralized |
| Vanta | Compliance automation | Compliance evidence | US |
We score ourselves quarterly using the same Ring Methodology we ask our customers to implement.
Report a vulnerability: security@ifo4.org
Request compliance documentation: compliance@ifo4.org
Data subject requests: privacy@ifo4.org
IFO4's compliance is monitored by Vanta
SOC 2 and ISO 27001 controls continuously verified. Compliance evidence is collected automatically and reviewed on an ongoing basis.