Assurance Center

How we protect your data — and the evidence to prove it.

0

Security Controls

0

Control Domains

Zero

Raw Data Stored

Data Handling

Data Transparency

What We Store

  • User account information (name, email)
  • Client metadata (names, industries, fiscal year-ends)
  • Aggregate diagnostic metadata (category totals, ratios, row counts)
  • Engagement records (narratives only, no line-level financial data)
  • Anonymized usage statistics

What We NEVER Store

  • Raw uploaded CSV/Excel files
  • Line-level trial balance rows or individual account balances
  • Individual journal entries, invoices, or payment records
  • Anomaly details tied to specific accounts or amounts
Security Architecture

How We Protect Your Data

Four stages. Every control documented. Zero raw data persisted.

Ephemeral Zone

Your data lives here temporarily — processed in-memory, never written to disk

Upload

Your file enters encrypted

Tap to view 3 controls

Verify

Your identity is confirmed

Tap to view 3 controls

Analyze

Data processed in isolation

Tap to view 3 controls

Data destroyed after processing
Persistent Storage

What we store

User profiles, practice settings, engagement metadata, and aggregate diagnostic summaries. No raw files. No line-level financial data. No client PII in analysis results.

Zero-Storage Architecture

No raw files or line-level financial rows are persisted. Only aggregate metadata is stored.

Memory Cleanup

Context-managed memory purge after every analysis operation completes.

Zero-Storage: all raw data purged after analysis
Implemented Controls

Security Control Inventory

19 implemented controls across 5 domains, each mapped to its standard reference. Expand any domain to inspect.

Independent Attestation

Compliance Roadmap

Self-assessed compliance posture and independent attestation progress. Artifact links provided for due diligence.

GDPR

Compliant
2024

EU General Data Protection Regulation — self-assessed

Privacy Policy

CCPA

Compliant
2024

California Consumer Privacy Act — self-assessed

Privacy Policy

DPA

Available
2025

Data Processing Agreement — Organization tier

Request DPA

GDPR and CCPA compliance reflects our self-assessed posture based on implemented controls and privacy architecture. Security controls listed above are implemented and active.

Incident Response

Preparedness Playbook

Our four-phase incident response posture. Zero-Storage architecture minimizes breach impact by design.

Detection

Phase 01

Automated monitoring and anomaly detection across infrastructure and application layers.

  • Structured logging with request-ID correlation
  • Sentry APM with Zero-Storage compliant error tracking
  • Rate limit breach alerting
Full playbook available on request for Organization accounts
Documents

Downloadable Artifacts

Review our policies and request compliance documents for your due diligence.

Privacy PolicyPolicy

Full GDPR/CCPA-compliant privacy disclosure.

Terms of ServiceLegal

Platform usage terms and liability framework.

Zero-Storage ArchitectureTechnical

Technical deep-dive into our ephemeral processing model.

Request DPAOrganization

Data Processing Agreement available for Organization accounts.