shield_lock Security

Security you can hand toyour CISO on day one

Certified, isolated and designed for regulated financial workloads — from tenant separation and encryption to SSO, SCIM and audit-ready evidence

Independently audited & certified

Platform pillars

Six controls, one platform

The controls your risk, legal and security teams ask for on day one — built into the platform, not bolted on.

01
verified_user

SOC 2 Type II & ISO 27001

Annual third-party audits with continuous control monitoring. Full reports and letters of attestation available under NDA.

02
lock

Encryption everywhere

TLS 1.2+ in transit and AES-256 at rest with per-tenant key isolation. Customer-managed keys available on enterprise plans.

03
key

SSO, SCIM & RBAC

SAML and OIDC single sign-on, SCIM 2.0 provisioning, and role-based access down to the workflow and step level.

04
dns

Tenant isolation

Logical isolation by default. Dedicated infrastructure available for regulated customers with strict segregation requirements.

05
public

EU & US data residency

Pick a region and processing is enforced end-to-end. GDPR-native by default, with a DPA and sub-processor list on request.

06
receipt_long

Audit & evidence

Immutable audit logs, IP allow-listing, session controls and one-click evidence exports for regulator and internal audit.

At a glance

Technical specifications

The short version reviewers ask for first. Full detail lives in the security pack below.

Identity & access
SOC 2 Type II controls, SAML/OIDC single sign-on, enforced multi-factor authentication.
Governance controls
Native maker-checker (dual authorization) enforced on execution steps.
Audit capabilities
Immutable, non-destructive event log ready for internal audit and regulator review.
System orchestration
Bi-directional REST and GraphQL APIs plus event-driven webhooks.
External security
Logically isolated, encrypted workspaces for partner and client interactions.
Data handling
Standardised encrypted payload handling and credential storage across the platform.

The security pack

Everything your review team needs, in one PDF

Skip the six-week questionnaire loop. Our security pack is written for CISO, DPO and procurement reviewers — one download, one signature.

Request the pack
  • check_circle

    SOC 2 Type II report

    Latest audit period, under NDA.

  • check_circle

    ISO 27001 certificate

    Current scope, issued by our third-party auditor.

  • check_circle

    Penetration test summary

    Executive summary of the most recent third-party pen test.

  • check_circle

    Sub-processor list & DPA

    GDPR-ready Data Processing Agreement and current sub-processors.

  • check_circle

    Architecture & data-flow diagrams

    How tenant data moves through the platform and where it lives.

Ready when your security team is

Book a working session with our team — bring your questionnaire, leave with signed answers and a scoped pilot plan.