Security & responsible disclosure
Last updated · May 10, 2026
We take the security of donoriq.ai and the DonorIQ product seriously and welcome reports from researchers acting in good faith. The site is operated by Ignitec Inc., and DonorIQ is a product of Ignitec Inc.
Product security posture
DonorIQ is architected to HIPAA and SOC 2 standards. Formal third-party audits are in progress. We are not yet certified.
- Encryption. Data is encrypted in transit (TLS) and at rest.
- Tenant isolation. Single-tenant by default. Each customer environment is logically isolated. Available as DonorIQ Cloud or as a deployment inside your own environment.
- Access control. Role-based access. Users see only cases and data they are permitted to access. SSO and MFA available.
- Audit logging. Immutable event logs record AI outputs, reviewer actions, overrides, escalations, and qualified human sign-offs.
- BAAs. Contact us to discuss your Business Associate Agreement requirements as you evaluate.
- Model training. Customer data is not used to train shared models. Optional tenant-local pattern support is separately configured and scoped to that customer environment.
For security review questions, vendor assessments, or BAA discussions, contact security@donoriq.ai.
Our approach to website security
We follow industry-standard administrative, technical, and physical safeguards appropriate for the information handled by this website. We continuously review and improve those safeguards.
Reporting a vulnerability
If you believe you have found a security issue affecting donoriq.ai or the DonorIQ product, email security@donoriq.ai with:
- a description of the issue and its potential impact,
- steps to reproduce, including URLs and any relevant requests,
- your name or handle if you would like attribution.
Please give us a reasonable opportunity to investigate and remediate before any public disclosure.
Safe harbor
Good-faith research conducted in accordance with this policy will not be pursued by Ignitec. We will work with you to understand and resolve the issue and will not refer good-faith researchers to law enforcement.
To stay within scope, please:
- only test against accounts and data that belong to you,
- do not access, modify, or delete data that is not yours,
- do not perform denial-of-service, brute-force, social engineering, or physical attacks,
- do not test third-party services we do not operate, and
- do not publicly disclose details before we confirm a fix.
Out of scope
The following are out of scope for this program: social engineering of Ignitec employees or contractors, physical attacks, denial-of-service, attacks against third-party services we do not operate, and reports based solely on automated scanner output without a demonstrable security impact.
A note on data
Do not send confidential, regulated, or patient information in your report. Redact anything sensitive before attaching it.