All data is encrypted in transit with TLS and at rest using AES-256 via AWS KMS. Sensitive tokens and credentials are encrypted at the application level with AES-256-GCM.
Hosted on AWS with ECS Fargate, RDS PostgreSQL, S3, and ElastiCache Redis. Secrets managed through AWS Secrets Manager. Non-root containers with health monitoring.
Granular permissions with a full role hierarchy from firm principals to read-only users. Every action is logged in tamper-proof audit trails for compliance.
Each firm's data is completely isolated at the database, storage, and application layers. Advisors can only access households assigned to them.
Multi-layered PII detection using ML-based analysis and AWS Bedrock guardrails. Sensitive data is automatically tokenized or redacted before processing.
Built to support SEC Reg S-P, GLBA, and FINRA requirements. Immutable audit logs, WORM-compliant document storage, and comprehensive access controls.