Security & compliance
Security and compliance
built for institutions.
Our security practices and certifications meet institutional requirements for digital banking. Connections to your core are encrypted end-to-end.
Architecture
Security controls
Applied consistently across platform, network, and core integrations.
End-to-end encryption
TLS 1.3 in transit; AES-256 at rest.
SOC 2 Type II
Annual third-party audits of security controls and operations.
Continuous monitoring
SOC visibility into access patterns and transaction anomalies.
Access controls
RBAC, MFA for admin, API key rotation.
Audit trails
Immutable activity logs retained per policy.
Infrastructure & core security
Multi-AZ redundancy, DDoS mitigation, encrypted connections to FIS, Fiserv, Jack Henry, and other cores with tenant-isolated credentials.
Operations
Incident response
Incidents follow documented detection, escalation, and resolution procedures. Customers are notified when incidents affect their data or service availability.
Security operations center staffed around the clock
Incident response procedures tested quarterly
Defined escalation paths and customer communication protocols
Annual penetration testing by third-party firms
Attestations
Compliance standards
Current certifications and frameworks we align to.
Privacy
Data handling
Data residency
Storage locations can be specified by region. Infrastructure uses redundant availability zones.
Policies & DPAs
Privacy policies describe collection, processing, and retention. DPAs available during procurement. See Privacy Policy.
Now Deploying
Security documentation
Request detailed security materials, compliance reports, or a technical review of core integration architecture.