Security & Compliance

Built for institutional trust.

We understand that financial institutions have strict requirements around data handling, security, and compliance. Alfion is designed from the ground up to meet those standards.

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database connections
  • Secure key management

Infrastructure

  • SOC 2-compliant cloud providers
  • Isolated compute environments
  • Automated security patching
  • Regular penetration testing

Access Control

  • Role-based access control (RBAC)
  • JWT-based authentication
  • Google OAuth integration
  • Session management with httpOnly cookies

Data Handling

  • SEC EDGAR data is public record
  • No PII stored beyond user accounts
  • User data never used for training
  • Data retention policies configurable

Compliance

  • SOC 2 Type II certification in progress
  • GDPR-compliant data practices
  • Regular third-party security audits
  • Incident response procedures

Enterprise Options

  • Private cloud deployment available
  • VPC peering and private endpoints
  • Custom data residency
  • Dedicated infrastructure

Responsible AI

Transparent, auditable, and honest.

Every AI-generated summary includes citations back to the source filing text. We flag low-confidence outputs and provide guardrails to minimize hallucination. Alfion never fabricates data or presents AI opinions as facts.

Our pilot success metric: fewer than 1 critical hallucination per 10 filings analyzed. Analyst verification is always the final step in any workflow.

Have security questions?

Our team is happy to discuss Alfion's security posture in detail. Enterprise clients can request a full security review.
