Security & Trust

Built for enterprises that cannot afford surprises.

We handle sensitive financial data, operational workflows, and enterprise documents. Security is not an afterthought — it is embedded in every layer of how we build and operate. This page documents our current posture and where we are heading.

What is in place today

Current security controls

Security headers enforced on all web properties (HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
Production source maps disabled — source code not exposed in browser
IP-based rate limiting on all public API endpoints
Input validation and structured output enforcement on all AI pipeline outputs
Immutable audit logs on all autonomous financial actions
Rollback capability at every execution step in financial workflows
Data encrypted in transit (TLS 1.2+) and at rest (AES-256)
Principle of least privilege enforced on all service accounts
Dependency vulnerability scanning on CI/CD pipelines
2FA enforced on all production infrastructure access
Incident response process with defined escalation paths
Vendor security assessments for all sub-processors

Compliance posture

Certifications & frameworks

GDPR

Aligned

We process personal data of EU residents in accordance with GDPR principles. Lawful basis documented, data retention limits enforced, data subject rights supported, sub-processor agreements in place.

Privacy Policy published and maintained
Cookie consent mechanism implemented
Data subject rights (access, deletion, portability) supported
Data Processing Agreements with all sub-processors
Breach notification process defined (72-hour window)
Data retention limits enforced per product configuration

SOC 2 Type II

In Progress

We are actively building toward SOC 2 Type II certification across the Trust Service Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Target audit window: Q1 2027.

Security policies drafted and under review
Access control framework implemented
Logging and monitoring infrastructure deployed
Vendor management program established
Employee security training program in development
Formal audit engagement: Q3 2026

ISO 27001

Roadmap

ISO 27001 certification is on our roadmap following SOC 2. As an internationally recognized standard, it is particularly relevant for our European and government clients. Target: Q2 2027.

ISMS scope definition: Q3 2026
Risk assessment framework: Q4 2026
Control implementation: Q1 2027
Internal audit: Q2 2027
Certification audit: Q3 2027

Data handling principles

How we handle your data

We do not sell your data

Your data is used exclusively to provide the services you have contracted. We do not sell, license, or share personal or operational data with third parties for advertising or analytics purposes.

Minimal data collection

We collect only what is necessary to deliver the service. Document content processed through our AI pipelines is not retained beyond your configured retention period and is never used to train models.

You own your data

You can export or delete your data at any time. On contract termination, personal data is deleted or anonymized within 90 days. We provide export tooling for all structured data we hold on your behalf.

Need our security documentation?

We provide a security questionnaire response, sub-processor list, and data processing agreement for enterprise clients. Request via our contact page or reach out directly.
