Mining capital projects involve commercially sensitive cost data, contractor headcount, safety performance, and partnership-level commercial terms. Indxdb is built to handle that — not retrofitted to.
Every component of Indxdb runs on Microsoft Azure infrastructure. We don't reinvent security primitives — we use the ones your IT and InfoSec teams have already approved.
Indxdb is hosted on Azure across multiple availability zones. We inherit Microsoft's physical security, network isolation, and platform-level compliance posture.
Single sign-on through your existing Entra ID (formerly Azure AD) tenancy. MFA enforced. Conditional access policies inherited. No separate user database for us to mismanage.
Reports run on Microsoft's Power BI Embedded service — the same secured platform Microsoft uses for its own enterprise customers. We embed it; we don't replicate it.
Each client's data is logically isolated at the storage and compute layer. Queries cannot cross tenant boundaries — enforced at the platform, not by convention.
If your InfoSec team requires it, your data never leaves your own Azure subscription. We deploy the reporting layer into your environment and connect to your data where it lives — we report on it, we don't move it.
We're an early-stage product. We're upfront about what we have today, what's in progress, and what's roadmap. No theatre.
Because Indxdb runs on Azure, the platform inherits Microsoft's existing certifications including SOC 1/2/3, ISO 27001/27017/27018, FedRAMP, HIPAA BAA, and over 90 region- and industry-specific compliance frameworks. We're happy to share Microsoft's audit reports as part of a security review.
We don't aggregate your data into ours. Your tenant is your tenant. The benchmarks in the Data Ecosystem are built from anonymised, de-identified, structurally-stripped insights from Mventech consulting work — never from client tenant data.
TLS 1.3 in transit. AES-256 at rest. Customer-managed encryption keys (CMK) available for Enterprise tenants who need to retain key control.
Choose your Azure region. Common deployments include South Africa North, Australia East, UK South, Brazil South. Data stays in-region by contract.
RBAC at the platform layer. Folder and report-level permissions. Row-level security via Power BI. Different audiences see different views of the same data.
Every access, export, configuration change and administrative action is logged. Logs are retained per tenant policy and exportable to your SIEM if required.
Daily snapshots with point-in-time restore. Geo-redundant storage available for disaster recovery scenarios. RTO and RPO targets defined per contract.
Continuous monitoring on Azure-managed components. Quarterly third-party penetration testing in progress as part of SOC 2 readiness. We share results under NDA.
In your Indxdb tenant on Azure, in the region you choose at deployment. It does not leave that region without explicit configuration on your part.
Yes — it's an Enterprise tier deployment option. We deploy the platform into your subscription, you retain full infrastructure control, we operate it under a managed-service agreement.
Only with explicit, time-limited, audit-logged authorisation — typically only for incident response or platform troubleshooting. Day-to-day operations don't require client data access.
You receive a full export in standard formats (Parquet, CSV) on request. After contract termination, your tenant data is retained for 30 days for restore purposes, then permanently deleted. Certificates of deletion provided.
Yes. We have standard responses for the most common ones (SIG, CAIQ) and we'll work through bespoke questionnaires as part of procurement. Most enterprise security reviews complete within two weeks.
Have your InfoSec or compliance lead on the next call. We'll walk through architecture, isolation, audit posture, and any specific requirement you need to validate.