We handle the most sensitive deal data in private equity. Security isn't a featureβit's our foundation.
AES-256 encryption at rest, TLS 1.3 in transit. Zero-knowledge architecture for sensitive data.
Row-level security in PostgreSQL ensures complete data isolation between clients.
One-click data deletion with cryptographic proof. Your data, your control.
Certification in progress (Q4 2026). Independent audit of security controls.
Full compliance with global privacy regulations. EU data residency available.
Secure dropbox links reduce credential risk. Optional MFA for platform access.
All security documentation is publicly available. No NDA required to review our architecture.
Complete overview of our security architecture, encryption standards, and compliance framework.
Current certification status, audit timeline, and compliance controls.
How we handle your data lifecycle, retention periods, and secure deletion procedures.
How we comply with global privacy regulations and protect customer data rights.
Independent audit scheduled for Q4 2026. All controls implemented and operational.
Full GDPR compliance. EU data residency available. Right to deletion, portability, and access.
California Consumer Privacy Act compliance. Full transparency on data collection and usage.
International security standard planned for 2027 certification cycle.
Primary storage: AWS US-East (N. Virginia). EU data residency available for GDPR requirements. All data encrypted at rest using AES-256.
Only authorized users with valid access tokens. Our engineering team has zero-knowledge access (encrypted data appears as ciphertext). SOC 2 audit trail logs all access attempts.
Default: 90 days after report delivery. Configurable: 30-365 days based on your needs. You can delete all data instantly via kill switch at any time.
Yes. Mutual NDAs are standard for all engagements. We can also sign your MSA/DPA if required by your procurement process.
Your data is NEVER used for AI model training. We use Anthropic Claude and OpenAI GPT with zero-retention APIs (data deleted after processing). Your competitive intelligence stays yours.
Click "Delete All Data" in your dropbox settings. Cryptographic deletion certificate issued within 24 hours. Physical deletion from backups within 30 days (industry standard).
Our security team is available to answer technical questions and review custom requirements.