Security

CFO-grade data security. No compromises.

Your financial data is among the most sensitive information in your organization. We built our platform to protect it accordingly.

Architecture

Security by architecture, not by policy.

Data protection isn't an afterthought — it's embedded in how our platform is built. Every architectural decision prioritizes client data isolation and confidentiality.

Schema-per-tenant isolation

Every client's data lives in a completely separate database schema. There is no possibility of data mixing between clients, even at the infrastructure level.

End-to-end encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Encryption keys are rotated regularly and managed through a dedicated key management service.

EU data residency

All data processing and storage occurs within the European Union. No data is transferred outside EU borders unless explicitly agreed with the client.

No model training on client data

Your data is never used to train, fine-tune, or improve AI models — ours or anyone else's. LLMs are accessed via API with zero data retention on the provider side.

Need-to-know access control

Strict role-based access ensures only authorized team members can view client data. Every access event is logged in an immutable audit trail.

Complete audit trails

Every data access, processing action, and system event is recorded. Clients can request a full audit log for their engagement at any time.

Compliance

Standards we meet. Commitments we keep.

GDPR Compliant

Full compliance with the General Data Protection Regulation. Data processing agreements, privacy impact assessments, and data subject rights are fully implemented.

SOC 2 Type II

Infrastructure hosted in SOC 2 Type II certified environments, ensuring continuous monitoring and verification of security controls.

NDA Available

Mutual Non-Disclosure Agreement signed before any data exchange. Available upon request during initial conversation.

EU Data Residency

All data stored and processed within the European Union. No cross-border transfers without explicit client consent.

FAQ

Frequently asked questions.

How do you access our data?

We connect to your existing systems through secure, read-only APIs or encrypted file transfers. We never require write access, and all connections are established in coordination with your IT team. Data is ingested into your dedicated, isolated environment.

Can you see data from other clients?

No. We use schema-per-tenant database isolation, meaning your data exists in a completely separate schema. There is no technical possibility of cross-client data access, even for our own team members working on other engagements.

Do you use our data to train AI models?

Never. Your data is never used to train, fine-tune, or improve any AI model. The LLMs we use are accessed via API with strict data processing agreements that prohibit provider-side retention. Your proprietary information stays yours.

Where is our data stored?

All data is stored and processed within the European Union, in SOC 2 Type II certified infrastructure. We do not transfer data outside the EU unless explicitly agreed upon with the client, and only with appropriate legal safeguards in place.

What happens to our data after the engagement?

All client data is securely deleted within 90 days of engagement conclusion, unless a longer retention period is explicitly agreed upon. We provide a certificate of destruction upon request. Aggregate, non-identifiable statistics may be retained for service improvement.

Who on your team can see our data?

Only team members directly assigned to your engagement have access, and only to the extent necessary for their role. All access is logged in an immutable audit trail that clients can review at any time.

Can we sign an NDA before sharing data?

Absolutely. We recommend it. A mutual Non-Disclosure Agreement is available and typically signed before any data-related discussions begin. Simply mention this during your initial conversation or contact us directly.

What if we find the analysis isn't worth it?

Since we operate on a success-fee model, there is zero financial risk to you. If our analysis doesn't find recoverable value, you pay nothing. We also provide a preliminary assessment before any formal engagement begins.

Have security questions? Let's talk.

We're happy to discuss our security practices in detail before any engagement.

Response within 24 hours. NDA available upon request.