Security is not optional.
End-to-end encryption, immutable audit, tenant isolation. Every layer of the platform is designed to protect your client data.
Hosting & Infrastructure
The entire infrastructure is hosted in the European Union. Data never leaves the EU. No dependency on US cloud providers subject to the CLOUD Act.
- PostgreSQL 17 with pgcrypto encryption
- Redis 7.2 for processing queues
- Containerized Docker architecture
- Exclusive EU hosting
Encryption & Audit
Every mutation is recorded in an immutable audit trail. Records are chained with SHA-256: any tampering is instantly detectable.
- SHA-256 hash chain (prevHash|entity|action|timestamp|data)
- TLS 1.3 for all communications
- pgcrypto for at-rest encryption of sensitive data
- Append-only audit trail: no modification, no deletion
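How a chain over the fields listed above can be built and verified, as an added example that is not the platform's own code. The serialization (compact sorted-key JSON for data, fields joined with '|'), the all-zero genesis value and all function names are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prevHash of the first record


def record_hash(prev_hash, entity, action, timestamp, data):
    # Assumed canonical form: prevHash|entity|action|timestamp|data, data as compact JSON.
    payload = json.dumps(data, sort_keys=True, separators=(",", ":"))
    line = "|".join((prev_hash, entity, action, timestamp, payload))
    return hashlib.sha256(line.encode("utf-8")).hexdigest()


def append(chain, entity, action, timestamp, data):
    # Reject the delimiter in the short fields so two different records
    # can never serialize to the same hashed string.
    if any("|" in f for f in (entity, action, timestamp)):
        raise ValueError("'|' not allowed in entity, action or timestamp")
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    digest = record_hash(prev_hash, entity, action, timestamp, data)
    chain.append({"prevHash": prev_hash, "entity": entity, "action": action,
                  "timestamp": timestamp, "data": data, "hash": digest})
    return digest


def verify(chain, expected_head=None):
    """Return None if intact, else the index of the first record that fails.
    len(chain) means the records are consistent but the head hash differs."""
    prev_hash = GENESIS
    for i, rec in enumerate(chain):
        recomputed = record_hash(prev_hash, rec["entity"], rec["action"],
                                 rec["timestamp"], rec["data"])
        if rec["prevHash"] != prev_hash or rec["hash"] != recomputed:
            return i
        prev_hash = rec["hash"]
    # Dropping records from the tail leaves a valid chain; only a head hash
    # kept outside the audit table reveals it.
    if expected_head is not None and prev_hash != expected_head:
        return len(chain)
    return None


def build_sample():
    # Constructed sample records, not real audit data.
    chain = []
    append(chain, "client:1001", "CREATE", "2025-01-10T09:00:00Z", {"risk": "low"})
    append(chain, "client:1001", "UPDATE", "2025-01-11T14:30:00Z", {"risk": "high"})
    append(chain, "document:77", "EXPORT", "2025-01-12T08:15:00Z", {"format": "pdf"})
    return chain
```

Modified or deleted interior records break the chain on their own; tail truncation is caught only when the latest hash is also stored somewhere the audit table's writer cannot reach.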
Multi-tenant Isolation
Each organization is isolated by a unique identifier (tenant_id). Every request is filtered by this identifier. No cross-access is possible, even in the event of an application-level breach.
- tenant_id filtering on every database query
- RBAC with 5 roles (Admin, MLRO, CO, Analyst, RM)
- OIDC authentication via Keycloak (signed JWT)
- Sessions isolated per organization
Regulatory compliance
The platform is designed to comply with the Monaco and European regulatory framework. Every feature integrates compliance requirements by design.
- GDPR compliant (processing, right to be forgotten, portability)
- Aligned with Law 1.362 (AML/CFT Monaco)
- Minimum 5-year retention for documents and exports
- PII excluded from application logs
Backups
Data is backed up daily with encryption before storage. Restoration is tested regularly.
- Daily encrypted PostgreSQL dumps
- S3-compatible storage (Monaco Telecom)
- age encryption before transfer
- Periodic restoration tests
Questions about security?
We answer all your technical and regulatory questions.
