Bank-grade. Audit-grade. Built-in by default.
Every customer data point encrypted at rest and in flight. Every privileged action requires step-up MFA. Every event is signed, immutable, and exportable.
The defaults regulators expect
Encryption everywhere
AES-256-GCM at rest. TLS 1.3 in flight. Customer-managed keys (CMK) available on Enterprise tier.
MFA + step-up
TOTP + recovery codes. Step-up required for privileged ops (manual override, AML dismiss, doc unredact).
RBAC (14 × 60+)
14 built-in roles × 60+ permissions. Per-tenant overrides. Admin Force-MFA + Suspend.
Audit log
Every action signed + timestamped + actor-attributed. 7-year retention. Regulator-ready export.
Data residency
Canada / US / EU options. Enterprise can pin per-tenant residency. Right-to-erasure flows.
Infrastructure
Hosted on SOC 2 / ISO 27001 cloud. Multi-region active-active. RPO 5min, RTO 1hr.
Uptime + observability
99.99% target. Public status page. Synthetic monitoring + real-user observability.
Incident response
24/7 on-call. <30min initial response on Sev 1. Public post-mortems for every incident.
Pentest + bug bounty
Annual third-party pentest. Continuous bug bounty via HackerOne. Disclosed in security report.
Every action. Forever.
- 12:04:11 doc.view ufa@msa Patel deal · NOA 2024
- 12:02:54 aml.dismiss ufa@msa Patel deal · PEP false-positive
- 11:58:18 login.success ufa@msa MFA verified · IP 24.x.x.x
- 11:42:02 admin.force_mfa ufa@msa Target: agent@msa
- 11:24:11 policy.update ufa@msa Lender list updated
Get the full security overview
Request our SOC 2 Type II report, security questionnaire response, and pentest summary.