How iQ Intel measures commercial tenant credit risk.

The input to every iQ Intel product is a research event — a single instance of a CRE professional running a tenant-underwriting workflow on the TenantIQ platform. Each workflow invokes a set of parallel research sub-agents (financial, operational, litigation, market position) and produces a structured output describing the subject company at that point in time.

An ETL process (intelligence_capture.py) runs against every completed report. It strips researcher identity, the property the research was run for, and any personally identifiable field, then writes a de-identified snapshot to the intelligence.company_intelligence table alongside a row in intelligence.demand_events capturing the geography and industry of the lookup. Nothing in the downstream intelligence schema ties back to an individual TenantIQ user, tenant, or property.

The capture path is one-way and append-only. Every event is recorded in capture_audit_log for lineage. Re-ingestion requires an explicit backfill operation and leaves an audit trail.

De-identification is enforced twice: once at ingestion (field stripping) and again at publication (min-N suppression). Min-N is the minimum number of contributing events a bucket must contain before any figure derived from that bucket is exposed to a subscriber. iQ Intel runs two thresholds:

• N ≥ 3 reports per industry-quarter for Tenant Risk Index benchmarks (MIN_N_REPORTS_FOR_INDUSTRY=3)
• N ≥ 5 events per city-period for Market Demand heat-map cells (MIN_N_EVENTS_FOR_CITY=5)

Buckets below threshold are suppressed for that period only. When the next capture window adds volume, the bucket automatically resumes. No partial release, no "approximate" figures, no small-N disclaimers — the row simply does not appear in the output.

Min-N is enforced in code rather than editorially. The min-n-guard module is the single checkpoint every product surface passes through before emitting a figure, which keeps the controls auditable and verifiable by third-party review.

Each captured report produces dimension sub-scores across four independent risk vectors. The composite is a weighted combination of those sub-scores; weights and the full calculation are documented in the methodology appendix that ships with every quarterly TRI report.

At the industry-quarter level, iQ Intel publishes the p25, median, and p75 of the composite across all contributing reports, along with dimension averages and the top ten positive and negative QoQ movers. Individual report scores are never exposed in aggregate products — the industry distribution is the unit of publication.

Quarter-over-quarter (QoQ) deltas are the signed difference between the current quarter's figure and the prior quarter's figure for the same bucket. Deltas are computed at both the composite and dimension level and are only published when both the current and prior quarter independently cleared the min-N threshold.

The rollup job (refresh_benchmarks_rollup) runs daily at 02:00 UTC under pg_cron and rebuilds the full benchmark history from the underlying report set. This means a late-arriving report can retroactively adjust a prior quarter's published bucket; the methodology appendix dates the rollup so subscribers know which snapshot they are working from.

The ten industries with the largest positive and largest negative QoQ composite deltas are surfaced as the “top improvers” and “top deteriorators” list in the quarterly report — an early signal for sector rotation that can be cross-referenced against the dimension breakdown to identify the underlying driver.

Credit Drift Alerts work at the company level rather than the industry aggregate. For every company on a customer's watchlist, the system compares the most recent composite score against the rolling history in intelligence.score_history. When the drop exceeds the customer's configured threshold within the configured lookback window, a drift event is materialized in intelligence.drift_alerts.

The detection cron (detect_drift_alerts) runs every six hours. Once an alert is materialized, the delivery worker emails the account owner and POSTs a signed webhook to any configured endpoint. Webhook payloads carry an X-Intel-Signature header — HMAC-SHA256 over {timestamp}.{raw_body} with the account's signing secret — and must be verified by the receiver before acting on the payload.

Dimension-level drift is supported independently of composite drift — a watchlist can, for example, fire only on financial-dimension drops, which is useful for credit officers focused on a specific risk vector.

Three governance controls run in parallel across every iQ Intel product:

• De-identification at capture — researcher identity, subject property, and any personally identifiable field are stripped before the event reaches the intelligence schema.
• Commercial-entity-only scope — no individual consumer signals are ingested or exposed. Every subject is a commercial tenant, landlord, or operator.
• Min-N suppression at publish — no bucket ships without clearing the de-identification floor.

Because iQ Intel is not a consumer reporting agency and its outputs are not consumer reports, the Fair Credit Reporting Act and the Fair Credit Billing Act do not apply. Customers must not use iQ Intel outputs to make decisions about individual consumers. The regulatory perimeter is commercial-tenant diligence, which sits outside the FCRA framework.

Row-level security is enforced in Postgres on every table in the intelligence schema. Authenticated reads are scoped to a subscriber's entitled products through the accessible_subscriptions RPC, and service-role access is restricted to operational jobs. Audit logging is continuous in capture_audit_log and webhook_events.