HomeWhy arbitrIQ How It Works Conceptual FrameworkPractical Walkthrough More Trust & SecurityFor ConsultantsPricingFAQ Get Started

Home / Trust & Security

Enterprise-ready
by design

Strategic decisions involve sensitive data — financials, M&A targets, competitive intelligence. arbitrIQ is built with security as a foundational requirement, not an afterthought.

Application Security Governance & Auditability Integration & Workflow ROI & Time Savings
Application Security

Security architecture — open to inspection

arbitrIQ is built with security as a foundational requirement, not an afterthought. User passwords are never stored in readable form — they are protected using bcrypt, the industry-standard algorithm that makes brute-force cracking computationally impractical even if a database were ever compromised. Session tokens are generated using a cryptographically secure random source and stored only as hashed values, meaning a stolen token file would be useless to an attacker.

To block automated attacks, the platform enforces account lockouts after five failed login attempts within fifteen minutes, and caps password-reset requests at three per hour. Every new account must verify its email address before gaining access, and an optional two-factor authentication layer is available for users who want an additional line of defence.

On the network side, all communications are enforced over HTTPS with a strict HSTS policy, and every page response carries security headers that prevent clickjacking, content injection, and MIME-type confusion. Database queries are handled exclusively through a parameterised ORM, eliminating the entire class of SQL-injection vulnerabilities.

Payment flows are secured end-to-end through Stripe's signature-verified webhooks, and all API credentials are stored as environment variables — never hard-coded into the application. Security-relevant events (failed logins, password resets, financial operations) are systematically logged, providing an audit trail for incident detection and response.

Two-factor authentication (2FA) is available for users who want an additional line of defence. It is implemented using time-based one-time passwords (TOTP) that are sent by email and verified against a server-side secret.

GDPR-native: EU-headquartered company (Belgium). Data processing complies with European data protection standards by default.
Zero training: Your documents and analyses are never used to train any AI models. Your data stays yours.
Multi-provider architecture: Models from Anthropic, OpenAI, and Google accessed through zero-data-retention API agreements.
Enterprise options: SSO, dedicated environments, and private deployments available for enterprise plans.
Governance & Auditability

Every recommendation comes with its reasoning

Board-level decisions require more than a recommendation — they require a defensible record of how that recommendation was reached.

Full debate transcript: Every argument, counter-argument, and evaluator assessment is recorded and available for review.
Structured scoring: Each dimension is evaluated independently with explicit criteria and rationale.
Uncertainty flagging: The system identifies what remains unresolved, not just what was concluded.
Configurable governance profiles: Adjust dimensions, debate depth, and search intensity to match the stakes of each decision.
Decision support, not replacement: arbitrIQ provides the analysis and structured opposition — judgment and accountability remain with the decision-maker.

The governance question

"Can I show my board how this recommendation was reached?"

With arbitrIQ: yes. Every debate dimension includes full arguments from both sides, evaluator scoring, and a clear synthesis chain. The transcript is your audit trail.

Integration & Workflow

Fits into your existing decision process

arbitrIQ sits between problem identification and decision commitment. Use it after framing the question and before presenting to the board.

Document upload: Submit financials, reports, market data, and websites. The Director extracts and processes relevant information.
Flexible depth: From 10-minute rapid triage to 30+ minute governance-grade analysis. Match the tool's effort to the decision's stakes.
Export-ready output: Executive reports and full transcripts designed for board presentations, client deliverables, and internal review.
Web-based platform: No installation required. Accessible from any browser. Workspace saves your analyses for reference.
Team-friendly: Results can be shared and reviewed by multiple stakeholders within an organization.

The workflow question

"How does this fit into our existing decision process?"

arbitrIQ integrates into your existing governance process. The output is designed for board presentations, client deliverables, and internal decision records.

ROI & Time Savings

Priced as software, used for decisions that justify consulting budgets

Cost comparison: A single arbitrIQ analysis costs a fraction of a day of strategic consulting. The output is often comparable in depth.
Time compression: What takes days of research, debate prep, and synthesis runs in 10–30 minutes of automated structured contradiction.
Blind spot prevention: One avoided blind spot in an M&A, investment, or market entry decision typically offsets years of subscription cost.
Higher throughput: Run multiple strategic scenarios per week instead of per quarter. Test more hypotheses, explore more options.
Scalable governance: Apply structured contradiction to decisions that previously didn't justify the cost of external review.

The ROI question

"Is this worth the investment compared to what we already do?"

If your decisions involve millions in capital allocation, the question isn't whether structured contradiction is worth €199/month — it's whether you can afford not to have it.

See the value for yourself

Start with a single analysis. No commitment required.

Launch arbitrIQ See Pricing

Analysis informs decisions. Governance protects them.