Trust & security

Written for the person who has to sign off.

We work inside operations that handle sensitive consumer financial data. The compliance officer, the IT security lead, and the managing partner all need to be comfortable before we touch production. This page is for them.

HostingActive

US-only AWS regions. No data processed or stored outside the United States.

EncryptionActive

AES-256 at rest, TLS 1.3 in transit, customer-managed KMS keys available.

BAA (HIPAA)Available

Business Associate Agreement available for medical-debt engagements.

PII handlingEnforced

Field-level access controls. PII never written to logs. Tokenization available.

Uptime99.9%

On production environments. Measured monthly across all customer deployments.

Response SLAPlatinum

For Platinum-tier clients and critical P1 incidents: acknowledged within 30 minutes, 24/7.

BackupsActive

Daily encrypted backups, cross-region replication, restoration tested quarterly.

Change logActive

All production changes logged. Monthly release notes distributed to clients.

Audit evidence exportBuilt-in

One-click examiner-ready evidence bundle. Covers CFPB, state AG, and client audits.

Want to know more?

Thirty minutes with our team is enough to walk through your specific security and compliance questions — no deck, no sales pitch.

Book a walkthrough