Security | IgniteHQ

IgniteHQ

Security

Last updated: June 4, 2026

IgniteHQ is built for advisory firms and households working with sensitive financial-planning information. This page summarizes our public security posture without disclosing internal implementation details that could weaken protection.

Security is a core part of IgniteHQ. Our goal is to help advisory firms organize client information, planning workflows, documents, notes, tasks, messages, and financial goals while protecting firm and household data from unauthorized access.

Firm and household separation IgniteHQ is designed so firm data, advisor access, household records, and client workspaces are scoped to the correct firm and household.
Role-based access Access is controlled by user role, firm membership, advisor/staff permissions, and household assignment.
Secure login workflows IgniteHQ supports account verification, trusted-device controls, password reset workflows, and login security records.
Vendor and infrastructure safeguards IgniteHQ uses reputable infrastructure and service providers to support hosting, authentication, storage, email, and related platform operations.

How IgniteHQ Protects Data

  • Encrypted HTTPS connections for data in transit.
  • Infrastructure-level encryption for stored data through platform providers.
  • Server-side authorization checks for sensitive workflows.
  • Role-based permissions for platform, firm, advisor, staff, and client users.
  • Firm-level and household-level data separation.
  • Private handling of secure vault documents and client files.
  • Login, account, security, and important action records.
  • Session-aware browser storage practices designed to limit sensitive long-lived browser data.
  • Vendor review for core service providers that host, secure, deliver, or support IgniteHQ.
  • Backup, recovery, and incident-response planning as part of production operations.

Access Controls

IgniteHQ is designed around least-privilege access. Advisors, staff, clients, and platform administrators should only access the information they are authorized to view or manage. Hiding a button or page is not treated as security; sensitive workflows are designed to check permissions before data is viewed, changed, shared, archived, deleted, or exported.

Client and Household Data

IgniteHQ may store client profiles, household details, financial planning information, net worth data, budgets, goals, secure documents, notes, tasks, and communication records. We treat this information as sensitive and use safeguards appropriate for financial-planning workflows.

Secure Vault and Documents

Documents uploaded to IgniteHQ are intended to be handled through secure storage and controlled access. Firms and users should only upload documents they are authorized to share and should avoid uploading unnecessary sensitive information.

Third-Party Providers

IgniteHQ uses third-party providers to support hosting, authentication, database/storage, transactional email, and optional integrations. These providers are used to operate and secure the service and are not permitted to use client information for their own marketing purposes.

User Responsibilities

Security also depends on safe user behavior. Users should:

  • Use strong, unique passwords and keep login credentials private.
  • Use available verification and trusted-device features responsibly.
  • Sign out when using a shared or public device.
  • Keep devices, browsers, and operating systems up to date.
  • Promptly report suspected unauthorized access or suspicious activity.
  • Only upload or share information they are authorized to provide.

Incident Response

IgniteHQ maintains procedures for reviewing, escalating, and responding to potential security incidents. If we determine that notice is legally required, we will provide notice consistent with applicable law and our obligations to advisory firms and affected users.

Important Limitation

No online system can be guaranteed 100% secure. IgniteHQ continually works to improve its safeguards, but users and advisory firms should maintain their own security practices, compliance policies, and supervisory controls.

Security Contact

To report a suspected security issue, contact:
Email: joelmiller@ignitehq.app

Please do not include passwords, full account numbers, Social Security numbers, or other unnecessary sensitive information in email.