Trust Center

Security is a headline feature

Executive financial, HR, and performance data is among the most sensitive data a company holds. We treat security as a core product capability.

Two-Factor Authentication

TOTP-based 2FA mandatory for all consultant and admin roles. Optional for client users. Compatible with any authenticator app.

End-to-End Encryption

TLS 1.3 in transit, AES-256 at rest. Field-level encryption for high-sensitivity data. Per-tenant encryption keys.

Role-Based Access Control

6 distinct roles with granular permissions. Row-level tenant isolation ensures clients never see other clients data.

Audit Trail

Immutable, append-only audit log for every view, export, suggestion, and data transmission. Customer-visible audit portal.

Consent-First Data Sharing

No data moves without explicit consent. Every transmission includes a signed data manifest with purpose and retention period.

Infrastructure Security

Zero-trust network architecture, private VPC, no public database endpoints, secrets in managed vault, workload identity.

Compliance Roadmap

Phase 1 (Launch)

  • SOC 2 Type I
  • GDPR & CCPA compliance
  • Data Processing Agreements

Phase 2 (6-18 months)

  • SOC 2 Type II
  • ISO 27001
  • Semiannual pen tests

Phase 3

  • ISO 27701 (Privacy)
  • Regional data residency
  • FedRAMP-adjacent posture