Security is a headline feature
Executive financial, HR, and performance data is among the most sensitive data a company holds. We treat security as a core product capability.
Two-Factor Authentication
TOTP-based 2FA mandatory for all consultant and admin roles. Optional for client users. Compatible with any authenticator app.
End-to-End Encryption
TLS 1.3 in transit, AES-256 at rest. Field-level encryption for high-sensitivity data. Per-tenant encryption keys.
Role-Based Access Control
6 distinct roles with granular permissions. Row-level tenant isolation ensures clients never see other clients data.
Audit Trail
Immutable, append-only audit log for every view, export, suggestion, and data transmission. Customer-visible audit portal.
Consent-First Data Sharing
No data moves without explicit consent. Every transmission includes a signed data manifest with purpose and retention period.
Infrastructure Security
Zero-trust network architecture, private VPC, no public database endpoints, secrets in managed vault, workload identity.
Compliance Roadmap
Phase 1 (Launch)
- SOC 2 Type I
- GDPR & CCPA compliance
- Data Processing Agreements
Phase 2 (6-18 months)
- SOC 2 Type II
- ISO 27001
- Semiannual pen tests
Phase 3
- ISO 27701 (Privacy)
- Regional data residency
- FedRAMP-adjacent posture
