Enterprise-Grade Security

Built for finance teams who take data protection seriously

Data Encryption

AES-256 encryption at rest. TLS 1.3 for all data in transit. Fernet encryption for stored credentials. Your data is protected at every layer.

Single-Tenant Isolation

Each client gets a completely isolated server instance. Separate database, cache, and vector store. No shared infrastructure between clients.

Zero Data Retention

Financial data is queried in real time and returned to you. EPM Agent does not store your financial data. Only metadata is persisted locally for fast queries.

Authentication & Access Control

Multiple layers of identity verification and permission management

  • JWT Authentication with 15-minute access tokens and 7-day refresh tokens
  • Two-Factor Authentication (TOTP) with backup codes for account recovery
  • Role-Based Access Control: Admin, Analyst, and User roles with granular permissions
  • API Key Authentication with scoped permissions and configurable expiration
  • Account Lockout after 5 failed login attempts with 15-minute lockout duration
  • Rate Limiting: 10 login attempts per minute per IP address
  • Password Complexity: uppercase, lowercase, digit, and special character required
  • Session Invalidation on password change across all active sessions
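The lockout, rate-limit and password-complexity parameters listed above, as an added illustration of how such controls fit together in a login path; this is not EPM Agent's own code, and the `verify` callback, the injectable clock and the `LoginGuard` class are assumptions made for the example.

```python
import re
import time
from collections import defaultdict, deque

MAX_FAILED_ATTEMPTS = 5      # lock the account after 5 consecutive failures
LOCKOUT_SECONDS = 15 * 60    # 15-minute lockout
RATE_LIMIT_ATTEMPTS = 10     # 10 login attempts ...
RATE_LIMIT_WINDOW = 60       # ... per minute, per source IP

PASSWORD_RULES = {
    "uppercase": re.compile(r"[A-Z]"),
    "lowercase": re.compile(r"[a-z]"),
    "digit": re.compile(r"[0-9]"),
    "special": re.compile(r"[^A-Za-z0-9]"),
}

def password_policy_violations(password):
    """Names of the complexity rules the password fails (empty list == accepted)."""
    return [name for name, rx in PASSWORD_RULES.items() if not rx.search(password)]

class LoginGuard:
    """Per-IP rate limit and per-account lockout around an injected credential check (hypothetical)."""
    def __init__(self, verify, clock=time.monotonic):
        self.verify = verify                   # verify(username, password) -> bool, supplied by caller
        self.clock = clock                     # injectable so tests can move time forward
        self.ip_attempts = defaultdict(deque)  # ip -> timestamps of attempts in the window
        self.failures = defaultdict(int)       # username -> consecutive failures
        self.locked_until = {}                 # username -> time the lock expires

    def attempt(self, username, password, ip):
        now = self.clock()
        # Sliding window per IP: drop attempts older than 60 s, then count the rest.
        window = self.ip_attempts[ip]
        while window and now - window[0] >= RATE_LIMIT_WINDOW:
            window.popleft()
        if len(window) >= RATE_LIMIT_ATTEMPTS:
            return "rate_limited"
        window.append(now)
        # Check the lock before verifying, so a locked account answers the same
        # way for right and wrong passwords.
        if self.locked_until.get(username, 0) > now:
            return "locked"
        if self.verify(username, password):
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= MAX_FAILED_ATTEMPTS:
            self.locked_until[username] = now + LOCKOUT_SECONDS
            self.failures[username] = 0
        return "invalid"
```

Note that attempts against a locked account still count toward the per-IP window, so a burst of guesses is throttled even after the lock engages.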

Infrastructure Security

Hardened at every level from credentials to network transport

Credential Management

Secure credential storage using Fernet (AES-128-CBC) encryption. Connection passwords are never stored in plaintext.

Security Headers

Content Security Policy, X-Frame-Options, HSTS, and X-Content-Type-Options enforced on all responses.

HTTPS Enforcement

Automatic HTTPS redirect in production. All API communication secured with TLS encryption.

Audit Trails

Comprehensive audit logging for all sensitive operations including login, user management, and data access.

Compliance Roadmap

Current capabilities and planned certifications

Currently Available

  • AES-256 data encryption at rest and in transit
  • Role-based access control with granular permissions
  • Comprehensive audit trails for all operations
  • Two-factor authentication (TOTP)
  • API key authentication with scoped permissions

Planned

  • SOC 2 Type II certification
  • GDPR compliance documentation
  • IP whitelisting for network-level access control
  • SSO / SAML integration for enterprise identity
  • Penetration testing and security audit

Have Security Questions? Talk to Our Team

We are happy to discuss security requirements for your organization