🛡️ Security

Bank-Grade Security. No Compromises.

Financial data demands the highest security standards. Here's how Autokkeep protects every transaction, every audit trail, and every client relationship.

🔒 Our Security Promise

Your financial data is never used for AI model training. Every AI decision is logged with full transparency. No data leaves our managed infrastructure. Period.

🔐

Encryption at Rest & In Transit

✓AES-256 encryption for all stored data
✓TLS 1.3 for all data in transit
✓Managed key infrastructure via cloud providers
✓Zero-knowledge architecture for sensitive credentials

🛡️

Row-Level Security (RLS)

✓Every database query automatically filtered by tenant ID
✓No client can ever see another client's data — enforced at the database level
✓PostgreSQL RLS policies enforced at the database level
✓Logical isolation enforced through database-level policies

📋

Immutable Audit Trail

✓Every AI decision logged with full reasoning chain
✓Hash-chained entries — cannot be modified retroactively
✓Full compliance with SOX-adjacent audit requirements
✓Export-ready for external auditor review

🤖

AI Data Security

✓Zero data used for model training — strict DPA with AI providers
✓PII detection & redaction before inference
✓Financial data never leaves managed infrastructure
✓Structured output mode only — no freeform AI responses touching your ledger

🔑

Access Control

✓Role-based access control (RBAC) with least-privilege defaults
✓Multi-factor authentication (MFA) supported via TOTP authenticator apps
✓Session management with automatic timeout
✓API keys scoped per-entity with rotation policies

📊

Compliance & Certifications

✓SOC 2 Type II — controls designed for compliance readiness
✓GAAP & IFRS compliant double-entry bookkeeping
✓GDPR-compliant data processing for EU clients
✓Third-party penetration testing (planned)

How Your Data Flows

Every step of the pipeline is encrypted, logged, and access-controlled. No exceptions.

🔒

Bank API (TLS 1.3)

Plaid encrypted tunnel

→

🛡️

PII Redaction

Before AI inference

→

🤖

AI Engine (DPA)

No training on your data

→

📋

Audit Trail (RLS)

Immutable, hash-chained

AI Safety

Our AI is designed with guardrails that prioritize accuracy and accountability over speed.

🚫

No Training on Your Data

No financial data is used to train our AI models. Strict Data Processing Agreements with all AI providers ensure your data is processed in real-time only.

📊

Confidence-Scored Categorizations

All AI categorizations are confidence-scored — transactions below 95% are routed to human review. No blind automation touches your books.

⚙️

Deterministic Filter First

Deterministic filter handles 60%+ of transactions without touching AI at all — rule-based, predictable, and zero-cost per transaction.

✅

Double-Entry Validation

Double-entry validation trigger ensures ledger integrity at the database level. Every debit must have a matching credit — enforced by PostgreSQL, not application code.

Compliance Standards

Built for regulatory readiness from day one — not bolted on as an afterthought.

🏛️

SOC 2 Type II Readiness

Security architecture designed to align with SOC 2 Type II trust service criteria. Formal audit engagement on roadmap.

🇪🇺

GDPR Compliance

Full GDPR compliance including data deletion on request, consent management, and data portability. EU residents can exercise all data rights.

💳

PCI DSS via Plaid/Stripe

PCI DSS compliance handled entirely by Plaid and Stripe. No card numbers are ever stored on Autokkeep infrastructure.

🗑️

Right to Be Forgotten

Real account deletion — not just deactivation. When you delete your account, your data is permanently removed from all systems within 30 days.

Infrastructure Security

Defense in depth — from the database layer to the application layer.

✓

PostgreSQL with Row-Level Security

20 tables, every query automatically filtered by tenant. No client can ever access another client's data — enforced at the database level.

✓

Period Locking

Locked accounting periods cannot be modified — preventing accidental or malicious changes to finalized financial records.

✓

Immutable Audit Trail

Every action logged with actor, timestamp, and details. Hash-chained entries cannot be modified retroactively.

✓

Encrypted Token Storage

Supabase Vault for third-party API credentials. Encryption keys managed separately from application code.

Questions About Our Security?

We're happy to share our security documentation, audit reports, and data processing agreements.

Contact Our Security Team

🛡️ Security

Bank-Grade Security. No Compromises.

Financial data demands the highest security standards. Here's how Autokkeep protects every transaction, every audit trail, and every client relationship.

🔒 Our Security Promise

Your financial data is never used for AI model training. Every AI decision is logged with full transparency. No data leaves our managed infrastructure. Period.

🔐

Encryption at Rest & In Transit

✓AES-256 encryption for all stored data
✓TLS 1.3 for all data in transit
✓Managed key infrastructure via cloud providers
✓Zero-knowledge architecture for sensitive credentials

🛡️

Row-Level Security (RLS)

✓Every database query automatically filtered by tenant ID
✓No client can ever see another client's data — enforced at the database level
✓PostgreSQL RLS policies enforced at the database level
✓Logical isolation enforced through database-level policies

📋

Immutable Audit Trail

✓Every AI decision logged with full reasoning chain
✓Hash-chained entries — cannot be modified retroactively
✓Full compliance with SOX-adjacent audit requirements
✓Export-ready for external auditor review

🤖

AI Data Security

✓Zero data used for model training — strict DPA with AI providers
✓PII detection & redaction before inference
✓Financial data never leaves managed infrastructure
✓Structured output mode only — no freeform AI responses touching your ledger

🔑

Access Control

✓Role-based access control (RBAC) with least-privilege defaults
✓Multi-factor authentication (MFA) supported via TOTP authenticator apps
✓Session management with automatic timeout
✓API keys scoped per-entity with rotation policies

📊

Compliance & Certifications

✓SOC 2 Type II — controls designed for compliance readiness
✓GAAP & IFRS compliant double-entry bookkeeping
✓GDPR-compliant data processing for EU clients
✓Third-party penetration testing (planned)

How Your Data Flows

Every step of the pipeline is encrypted, logged, and access-controlled. No exceptions.

🔒

Bank API (TLS 1.3)

Plaid encrypted tunnel

→

🛡️

PII Redaction

Before AI inference

→

🤖

AI Engine (DPA)

No training on your data

→

📋

Audit Trail (RLS)

Immutable, hash-chained

AI Safety

Our AI is designed with guardrails that prioritize accuracy and accountability over speed.

🚫

No Training on Your Data

No financial data is used to train our AI models. Strict Data Processing Agreements with all AI providers ensure your data is processed in real-time only.

📊

Confidence-Scored Categorizations

All AI categorizations are confidence-scored — transactions below 95% are routed to human review. No blind automation touches your books.

⚙️

Deterministic Filter First

Deterministic filter handles 60%+ of transactions without touching AI at all — rule-based, predictable, and zero-cost per transaction.

✅

Double-Entry Validation

Double-entry validation trigger ensures ledger integrity at the database level. Every debit must have a matching credit — enforced by PostgreSQL, not application code.

Compliance Standards

Built for regulatory readiness from day one — not bolted on as an afterthought.

🏛️

SOC 2 Type II Readiness

Security architecture designed to align with SOC 2 Type II trust service criteria. Formal audit engagement on roadmap.

🇪🇺

GDPR Compliance

Full GDPR compliance including data deletion on request, consent management, and data portability. EU residents can exercise all data rights.

💳

PCI DSS via Plaid/Stripe

PCI DSS compliance handled entirely by Plaid and Stripe. No card numbers are ever stored on Autokkeep infrastructure.

🗑️

Right to Be Forgotten

Real account deletion — not just deactivation. When you delete your account, your data is permanently removed from all systems within 30 days.

Infrastructure Security

Defense in depth — from the database layer to the application layer.

✓

PostgreSQL with Row-Level Security

20 tables, every query automatically filtered by tenant. No client can ever access another client's data — enforced at the database level.

✓

Period Locking

Locked accounting periods cannot be modified — preventing accidental or malicious changes to finalized financial records.

✓

Immutable Audit Trail

Every action logged with actor, timestamp, and details. Hash-chained entries cannot be modified retroactively.

✓

Encrypted Token Storage

Supabase Vault for third-party API credentials. Encryption keys managed separately from application code.

Questions About Our Security?

We're happy to share our security documentation, audit reports, and data processing agreements.

Contact Our Security Team