Security and controls
your auditors can rely on
CPAs and MBAs design every workflow, AI runs the production work, and reviewers sign off before anything posts. Here is how we protect your data and your ledger.
How we govern AI inside the close
Every AI step has a defined role, a confidence floor, and a human reviewer.
Defined scope
Each model has a written job description: input, output, allowed actions, and explicit out-of-scope items.
Confidence thresholds
Only above your configured floor (default 95%) does the AI auto-post. Below threshold → reviewer queue.
Human-in-the-loop
A CPA or trained reviewer must approve any new vendor, new GL account, or JE above your dollar threshold.
Drift monitoring
Match rates, exception rates, and outcome accuracy are tracked weekly. Drift triggers re-training or rule update.
Prompt & output logging
Every model call records its inputs, the prompt or rule version, raw output, and the final posted record.
No training on your data
Your transactional data is never used to train external foundation models. Customer-specific tuning stays in your tenant.
Where your data lives and how it’s protected
Encryption
AES-256 at rest. TLS 1.2+ (TLS 1.3 by default) in transit. Per-tenant encryption keys for sensitive integrations.
Tenant isolation
Logical isolation by default. Single-tenant deployment in your AWS, Azure, or GCP account on request — we run the workflow inside your VPC.
Backups & retention
Daily encrypted backups with 30-day point-in-time recovery. Retention windows match your audit policy; deletion is verifiable.
Subprocessors
A short, named list of subprocessors (cloud, observability, foundation-model APIs) is published in our DPA. We give 30 days’ notice before adding any.
Who can do what, and how we prove it
SSO & MFA
SAML SSO with your IdP (Okta, Azure AD, Google). MFA required for any admin role. Service accounts use scoped tokens.
Role-based access
Preparer, reviewer, approver, and admin roles are separated. The AI is always preparer, never approver.
Least privilege
Integrations request the minimum scopes (read-only where possible). We document every scope in our security packet.
Quarterly access review
Customer admins receive a quarterly user-access report to certify. Departures are removed within one business day.
Designed against the controls your auditors test
SOC 2 alignment
Workflow design maps to SOC 2 Trust Services Criteria (security, availability, processing integrity, confidentiality).
GAAP / IFRS process
Cut-off, matching, segregation of duties, and journal-entry approvals all live as configurable controls.
Immutable audit log
Every match, override, and approval is logged with user, timestamp, source documents, and model version. Logs are exportable.
Auditor PBC support
We hand auditors a structured PBC (prepared-by-client) bundle pulled from the workflow logs — no spreadsheet scrambles.
How we run the platform day to day
Change management
Code changes require peer review and pass automated tests before deployment. Production changes are logged.
Vulnerability management
Continuous dependency scanning, quarterly third-party penetration testing, and prompt patching SLAs.
Incident response
Documented incident-response runbook with named owners, on-call rotation, and customer-notification timelines.
Background checks
All employees and contractors with production access pass background checks and sign confidentiality agreements.
What we’ll send your security team
- ✓ Security packet: architecture overview, encryption details, data flow diagram
- ✓ SOC 2 alignment summary and roadmap
- ✓ Data Processing Addendum (DPA) and named subprocessor list
- ✓ Mutual NDA and BAA (where applicable)
- ✓ Penetration-test executive summary
- ✓ AI governance policy — scope, review cadence, model registry
Want our security packet?
Tell us a little about your environment and audit timeline. We’ll send the packet, set up a call with our security lead, and answer your security-review questionnaire.
Request the security packet