NoviqData

[ Commitments ]

The standards we hold ourselves to.

We sell intelligence. That comes with responsibility to clients, to end users, to the team, and to the systems we touch. These are the lines we hold.

Environmental, Social & Governance

Lightweight footprint by design, and accountable for the rest.

  • Cloud workloads on carbon-aware regions where supported
  • Remote-first operations with no commute emissions and a low office footprint
  • Annual operational impact review tracked against prior year
  • Transparent governance: every engagement has a named partner owner

Work-life balance

We protect our team's calendar so the work stays sharp.

  • Four-day deep-work weeks during build phases, with no-meeting Mondays
  • Hard stop on weekend client communication except for sev-1 incidents
  • Mandatory PTO usage with minimums, not maximums
  • Quarterly mental health stipend for every team member

Data ethics & AI safety

We refuse projects that compromise user dignity or autonomy.

  • AI agents shipped with human-in-the-loop for high-stakes decisions
  • No dark patterns, manipulative UX, or coercive automation
  • Bias audits on any model touching hiring, lending, or healthcare
  • Client gets full model transparency and prompt ownership at handover

Diversity & inclusion

Senior talent over senior demographics.

  • Blind technical screens with no names or photos on initial review
  • Pay transparency: bands published internally, anchored to skill not negotiation
  • Career development budget every team member can spend without approval
  • We track and report demographic balance in hiring quarterly

[ Compliance & industry standards ]

Aligned with the frameworks our clients require.

We don't claim certifications we don't hold. Below is an honest map of where we stand, what's in progress, and what's on our roadmap.

GDPR

Aligned

EU data protection: lawful basis, DPA, right-to-erasure workflows.

SOC 2 Type II

In progress

Security, availability, and confidentiality controls audited annually.

ISO 27001

Roadmap

Information security management system with risk-based controls.

HIPAA (where relevant)

Aligned

PHI handling for US healthcare engagements: BAAs, access controls, audit trails.

PCI-DSS (where relevant)

Aligned

Payment data handling: never store card data; tokenisation-only architectures.

WCAG 2.2 AA

Aligned

Accessibility baseline for every dashboard and customer-facing surface we ship.

[ Operating principles ]

How we work, every engagement.

Least privilege by default

Every system we deploy starts from zero trust. We grant access narrowly, audit it quarterly, and revoke it the day an engagement ends.

Documented or it didn't happen

Architecture decisions, model prompts, and schema designs are all documented in your repo. No black boxes when we hand off.

Vendor-neutral advice

We don't take kickbacks from cloud providers, BI vendors, or AI labs. Recommendations are based on fit, not commission.

Local before global

We optimise for your data residency, regulatory regime, and team's working hours, not our convenience.