Security at Finrep

Enterprise-grade protection for financial intelligence

At Finrep, security is not a compliance checkbox. It is the foundation on which the platform is built.

Finrep.ai is an enterprise AI system for SEC reporting and technical accounting, which means we handle some of the most sensitive financial and corporate data in the world. Our security architecture is designed so that customer data is never exposed, leaked, or repurposed.

We operate under internationally recognized security frameworks, implement defense-in-depth across infrastructure and AI layers, and maintain strict governance over how data is accessed, processed, and retained.


Compliance & Certifications

Finrep maintains independent third-party certifications that validate both the design and operational effectiveness of our security controls.

SOC 2 Type II (AICPA)

Our SOC 2 Type II report confirms that our controls operate effectively over time across Security, Availability, and Confidentiality trust principles.

ISO 27001:2022

We operate a full Information Security Management System (ISMS) aligned with ISO 27001, including risk assessments, access governance, incident management, and continuous improvement cycles.

These certifications are audited by independent firms and renewed through ongoing surveillance audits.

Security governance includes:

  • Dedicated security leadership
  • Quarterly risk assessments
  • Annual third-party penetration testing
  • Mandatory security training for all employees
  • Documented incident response and escalation procedures

Cloud Infrastructure Security

Finrep runs on enterprise cloud infrastructure across AWS and Azure, both of which operate SOC 2-certified data centers.

Our infrastructure architecture includes:

  • Private network segmentation using VPCs
  • Web Application Firewalls and DDoS protection
  • Encrypted inter-service communication using TLS 1.3
  • Continuous vulnerability scanning and patching

All production environments are isolated from development systems, with strict access boundaries enforced at the network and identity layers.


Access Controls & Identity

We enforce least-privilege access across all systems.

Production access:

  • Requires multi-factor authentication
  • Is fully role-based
  • Is logged and audited
  • Is reviewed quarterly

Customer data is accessible only to explicitly authorized personnel, and only when operationally required. All access is time-bound, logged, and reviewed.


Data Encryption & Isolation

Finrep uses industry-standard cryptographic controls across the entire data lifecycle.

Data State      Protection
At Rest         AES-256 encryption
In Transit      TLS 1.3
Databases       Field-level encryption
Backups         Encrypted and geo-redundant

Cross-tenant data access is prevented by logical isolation and strict access controls across all customer accounts.

For enterprise customers, dedicated tenant isolation is available, enforcing separation through:

  • Separate encryption keys
  • Isolated database instances
  • Hard tenant boundaries enforced at the infrastructure level

AI Security Architecture

Secure by default.

Finrep's AI capabilities are powered by enterprise AI APIs from leading providers, including Anthropic, Azure OpenAI, and Google Vertex AI. Content is transmitted to these providers solely to process user requests, governed by enterprise agreements that control how that data is handled.

These providers operate under contractual terms that:

  • Prohibit training on customer data
  • Limit data retention to a short period for safety and operational purposes
  • Require SOC 2 Type II compliance
  • Use encrypted APIs

On top of the provider layer, Finrep adds its own controls:

  • An internal AI gateway that manages provider routing and failover
  • Role-based access controls governing who and what can invoke models
  • Encryption in transit (TLS 1.3) for all model traffic
  • Full audit logging of AI requests

Data Retention & Deletion

Finrep follows strict data lifecycle policies.

  • Data is encrypted in managed databases
  • Daily encrypted backups are stored across regions
  • Recovery procedures are tested quarterly
  • RTO: 4 hours
  • RPO: 1 hour

Upon contract termination, our deletion SLA is:

  • Primary data is deleted within 30 days
  • Backups are purged within 90 days

Deletion of Customer Platform Data follows the terms of the applicable Data Processing Agreement (DPA). Deletion confirmation is available on request, subject to the DPA.


Application Security

All application code passes through:

  • Static security analysis
  • Dependency vulnerability scanning
  • Container image scanning
  • Manual security review

High or critical vulnerabilities block deployment automatically.

Authentication supports:

  • SAML 2.0 and OIDC SSO
  • Multi-factor authentication
  • Session expiration and concurrency limits

APIs use OAuth 2.0 or rotating API keys with IP allow-listing and full audit logging.


Monitoring & Incident Response

Finrep operates continuous security monitoring across infrastructure and application layers.

We use centralized SIEM systems to detect:

  • Anomalous access patterns
  • Network intrusion attempts
  • Data exfiltration risks

All incidents follow a documented response framework with:

  • Defined severity levels
  • Containment and remediation procedures
  • Customer notification obligations
  • Post-incident reports

High Availability & Resilience

Finrep is built for operational continuity even during major cloud or AI provider outages.

Our system maintains:

  • Multiple AI provider fallbacks
  • Automatic real-time routing across Anthropic, Azure OpenAI, and Vertex via our AI gateway
  • Health monitoring and failover

This architecture allows Finrep to remain available even when major providers such as Azure, OpenAI, Anthropic, or Cloudflare experience downtime.


Our Security Philosophy

We believe security must be:

  • Architectural, not cosmetic
  • Proactive, not reactive
  • Auditable, not assumed

Finrep is built for regulated financial environments where mistakes are expensive and trust is everything. Our systems are designed so that even in worst-case scenarios, customer data remains isolated, encrypted, and inaccessible.

Security is not a feature at Finrep.

It is the system.


Security Reviews & Documentation

Enterprise customers can request:

  • SOC 2 Type II report
  • ISO 27001 certificate
  • Penetration testing summary
  • Data flow architecture
  • Security questionnaires

Contact: security@finrep.ai

Run your SEC filing cycle on Finrep