Security
Three tiers. One standard: no shared data.
FinTel's security model is tiered to match the compliance requirements of each client — from standard advisory practices to defense-adjacent and federally-regulated deployments. Security documentation is available under NDA.
Security Tiers
Match your compliance posture to your client base.
Every FinTel account starts at Standard. Firms with contractual isolation requirements or regulated client bases can upgrade to Enhanced or Hard-Separated without changing their advisory workflow.
Standard
Default for all accounts
SOC 2-compliant shared infrastructure.
Row-level RBAC isolation ensures each advisory partner sees only their clients, and each client sees only their own data. All data is encrypted at rest with AES-256 and in transit with TLS 1.3. A web application firewall (WAF) sits in front of all traffic. Full audit logging is on by default — every access and action is recorded.
- —Row-level RBAC isolation
- —AES-256 encryption at rest
- —TLS 1.3 in transit
- —Web application firewall (WAF)
- —Full audit logging
- —SOC 2 compliant architecture (certification in progress)
Enhanced
For firms with contractual isolation requirements
Everything in Standard, plus dedicated infrastructure.
A dedicated database instance ensures your firm's client data is never co-resident with another partner's. A partner-scoped AWS KMS key means your encryption keys are yours — not shared. A dedicated S3 bucket provides physical storage separation. Designed for advisory firms with contractual database isolation requirements or clients in regulated industries.
- —Everything in Standard
- —Dedicated database instance
- —Partner-scoped AWS KMS key
- —Dedicated S3 bucket
- —Physical storage separation
Hard-Separated
For defense-adjacent and federally-regulated clients
Full infrastructure isolation. CMMC / FedRAMP alignment.
Complete deployment in a dedicated AWS account or VPC — no shared infrastructure of any kind. FIPS 140-2 validated cryptographic modules, network-level isolation, and HSM-backed KMS. Architecture is aligned to CMMC Level 2, NIST SP 800-171, and FedRAMP Moderate controls. Built for defense contractors, federal agencies, and any entity handling Controlled Unclassified Information (CUI).
- —Dedicated AWS account or VPC
- —FIPS 140-2 validated modules
- —Network-level isolation
- —HSM-backed KMS
- —CMMC Level 2 alignment
- —NIST SP 800-171 aligned
- —FedRAMP Moderate alignment
Architecture Principles
Built for financial data. Designed for oversight.
Financial reporting infrastructure requires a different security posture than general SaaS. These principles apply across all three tiers — the tiers determine the depth of implementation.
Role-based access control
Access to client data is governed by role. Advisory partners see only their clients. Clients see only their own data. No cross-contamination at any tier.
Encryption at rest and in transit
AES-256 at rest and TLS 1.3 in transit across all tiers. Enhanced and Hard-Separated tiers use dedicated or HSM-backed key management.
Audit logging
All access and actions are logged across every tier. Audit trails are available for review. This is not optional infrastructure — it's the foundation of financial oversight.
Least-privilege access
Systems and personnel access only what they need to perform their function. Privilege escalation requires explicit authorization.
SOC 2 compliant architecture
FinTel is built to SOC 2 standards. Certification is in progress. We will share the report when available.
Web application firewall
A WAF sits in front of all traffic at every tier, filtering malicious requests before they reach application or data layers.
Documentation
Security documentation is available under NDA.
If you are an advisory partner, lender, enterprise client, or government procurement officer conducting due diligence, we will share detailed security documentation — including tier specifications, compliance evidence packages, and architecture diagrams — under a mutual NDA. Contact us to begin that process.
Request Security Documentation