Security & Compliance
Enterprise-grade security built for financial data. Every layer designed to protect sensitive portfolio information.
Core Security Controls
Encryption
All data encrypted at rest (AES-256) and in transit (TLS 1.3). Zero plaintext storage.
Role-Based Access
Least-privilege by default. Founders, investors, and admins see only what they need.
Audit Trails
Every action logged. Know who viewed, edited, or exported what, and when.
SOC 2 Type II
Compliance in progress. Security policies audited annually.
SSO & MFA
Enterprise SSO via SAML/OIDC. Multi-factor authentication for all users.
Data Isolation
Logical data separation per organization. No cross-tenant data leakage.
Granular Permissions
Control what investors see: full P&L, KPIs only, or specific metrics.
Incident Response
24/7 monitoring. Documented incident response plan with < 1hr SLA.
How we handle your data
What we collect
Financial data (P&L, balance sheet, cash flow), user account info, and audit logs. We never sell or share your data with third parties.
Where it's stored
Data stored in SOC 2 compliant data centers in the US. Encrypted at rest with AES-256. Backups retained for 30 days.
Who can access it
Only you and the users you explicitly invite. Clarifi engineers have zero standing access to customer data. Emergency access requires two-person approval and is logged.
Compliance & Certifications
SOC 2 Type II compliance in progress. GDPR compliant. Data processing agreements available upon request.