Security & data protection

Built for sensitive financial data: encryption by default, strict access control, and continuous monitoring.

  • Encryption: AES‑256 at rest • TLS 1.3 in transit • field‑level where required
  • Access: RLS per user/org • least privilege • short‑lived tokens
  • Monitoring: 24/7 logs • anomaly detection • incident runbooks
  • Compliance: GDPR/CCPA • SOC 2 program • regular pen‑tests

Our security pillars

Clear controls you can rely on across encryption, access, infrastructure, and governance.

Encryption

  • AES‑256 at rest with managed keys and rotation
  • TLS 1.3 in transit with modern cipher suites
  • Selective field‑level encryption for sensitive attributes

Access & segmentation

  • Row‑Level Security (RLS) enforced in the database layer
  • Least privilege access • scoped service roles • time‑boxed elevation
  • Session hardening with HttpOnly/Secure cookies and rotation

Infrastructure

  • SOC 2 aligned platform with WAF and DDoS protection
  • 24/7 monitoring, alerting, and anomaly detection
  • Redundancy, backups, and regional failover strategies

Data governance

  • Data minimization, retention limits, and secure deletion
  • Audit trails for security‑relevant events
  • Ongoing pen‑tests, code scanning, and dependency checks

Current status

  • GDPR and CCPA compliant
  • Regular penetration testing
  • SOC 2 program active (Type I initiated; Type II planned)

Practices

  • Secure SDLC with code scanning
  • Automated dependency monitoring
  • Documented incident response runbooks

Responsible disclosure

We welcome vulnerability disclosures from researchers and the community. Please provide clear steps to reproduce. We acknowledge valid reports quickly and keep you informed as we remediate.