Security

The product runs on your network

• Single Windows installer. Single-tenant. Runs on your engineer's laptop or a dedicated bench machine.
• All product services bind to the local loopback interface — never to a LAN-routable address. Nothing in the install is reachable from another machine on the network without an explicit reverse-proxy setup that you control.
• No telemetry. No phone-home. No usage analytics flowing out of the product.
• The product's database is bundled with the install and lives in the user profile directory on the engineer's machine.

Bring your own LLM keys

• You configure an API key for your chosen LLM provider — Anthropic, an OpenAI-compatible endpoint, or Azure OpenAI. The product does not bundle a key and does not see prompts until you provide one.
• Outbound LLM traffic flows directly from your machine to your chosen provider over your network. ATE·IQ has no proxy or relay in the middle.
• If you point the provider config at an internal LLM (e.g. Azure OpenAI in your tenant, or a self-hosted gateway), outbound stays inside your perimeter.

Encryption

• Stored secrets — git access tokens, LLM provider keys, requirements-system credentials — are encrypted at rest with industry-standard authenticated symmetric encryption before insertion into the local database.
• The encryption key is loaded from a customer-controlled environment variable. It is never bundled in the application image.
• The local HTTPS surface used by the Excel task pane uses certificates from a CA trusted in the Windows root store of the engineer's machine. No public-internet certificate authority is involved.

File access

• When the Excel task pane reads a workbook from disk, the local server enforces a path allow-list: paths must resolve under the engineer's user profile or a recognised OneDrive sync root.
• Path-traversal attempts and absolute paths outside the allow-list are rejected before any file handle is opened.
• File extensions are validated against the expected test-program formats before parsing.

Authentication (multi-user installs)

• If the install is used by more than one engineer, authentication is required. Sessions are HTTP-only cookies bound to the local loopback host.
• Failed login attempts are rate-limited per source. Password verification runs in constant time relative to whether the username exists, to remove the side-channel that would let an attacker enumerate valid accounts.
• Page-level access checks are enforced at the route boundary; API endpoints re-check authorisation independently rather than inheriting it from middleware.

The marketing site (this site)

• Served from a global edge CDN. The only dynamic surface is the contact form, which posts to a single edge function.
• No analytics, no tracking pixels, no third-party JavaScript. The only outbound from the form is to a transactional email provider, then on to a Google Workspace inbox at [email protected].
• The Cloudflare zone has WAF and bot management enabled at the edge.

What we don't claim

ATE·IQ is a pre-launch product operated by a small Ireland-registered company. We have not yet completed a SOC 2 / ISO 27001 audit and we don't claim certifications we don't hold. What we offer pre-pilot is:

• A signed NDA, turned in 24 hours from your template.
• A custom Data Processing Agreement covering the marketing-site contact form and the pilot engagement separately.
• Answers to your vendor-security questionnaire at the level of detail appropriate under NDA.
• Direct access to the engineer who owns the code.

Reporting a security issue

Email [email protected] with subject prefix SECURITY. Please don't open a public GitHub issue for vulnerabilities. We acknowledge within 48 hours.