Security & Trust

Your clients' data deserves institutional-grade protection.

AdvisorIQ protects your data with firm-level isolation, end-to-end encryption, comprehensive audit logging, and zero use of your data for AI training.

AES-256 Encryption · Signed Document URLs · Zero AI Training · Firm-Level Isolation

Security architecture

Defense in depth, not a single lock

Multiple independent layers of protection ensure that no single point of failure can compromise your data.

Authentication & Access

Multi-layer identity verification with role-based access control ensures only authorized advisors reach their data.

  • JWT authentication via Supabase Auth
  • Email verification required for all accounts
  • Role-based access control (Admin / Advisor)
  • Session validation on every API request

Data Isolation & Encryption

Every query is scoped to your firm. Encryption protects data at rest and in transit across every layer.

  • Firm-level isolation on every API endpoint
  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Signed document URLs with 20-minute expiration

Audit & Compliance

Timestamped records of every interaction — designed for transparency and accountability.

  • Timestamped audit logs for all AI queries and responses
  • Activity history scoped per firm
  • Breach notification commitment documented in our Privacy Policy

Infrastructure partners

Built on a certified foundation

We chose our technology partners for their security track record. Core infrastructure components are backed by independently audited, certified providers.

Google Cloud Platform

Document Storage

SOC 2 Type II · ISO 27001

Client documents are stored and served from Google Cloud Storage with managed encryption and global compliance certifications.

Supabase

Authentication & Identity

SOC 2 Type II

Handles user authentication, JWT token issuance, and email verification with enterprise-grade security practices.

Paddle

Payment Processing

PCI DSS Level 1

All payment processing is handled by Paddle. We never store, process, or transmit credit card data.

Anthropic

AI Provider

SOC 2 Type II · No Data Training

AI queries are processed in real time. Your data is never used to train, fine-tune, or improve AI models.

In practice

The details matter

How we protect your data at every layer of the stack — from API requests to document storage.

Firm-Level Data Isolation

Every API query is scoped to your firm. Advisor A cannot see Advisor B's data, even within the same database. This isolation is enforced at the application layer on every single endpoint — not as an afterthought, but as a foundational architecture decision.

  • Every database query filters by firm_id
  • Document access restricted to your firm
  • Activity logs scoped per firm
  • No shared data surfaces between tenants

100%

endpoint coverage

Encryption at Every Layer

Your data is encrypted both in transit and at rest. Documents are never publicly accessible — every download requires a cryptographically signed URL that expires in minutes, not hours.

  • TLS 1.3 for all data in transit
  • AES-256 encryption for all data at rest
  • Signed document URLs with 20-minute TTL
  • No raw credentials stored in application logs

AES-256

encryption standard
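
An added illustration, not AdvisorIQ's code and not Google Cloud Storage's own signing scheme: a minimal HMAC-SHA256 signed document URL that carries the 20-minute TTL described above and is bound to one firm. The signing key, the query parameter names (`firm_id`, `expires`, `sig`) and the function names are assumptions made for the example.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

TTL_SECONDS = 20 * 60  # the 20-minute expiry stated on this page
SIGNING_KEY = b"constructed-demo-key"  # assumption: a server-side secret, never sent to clients


def _mac(path: str, firm_id: str, expires: int) -> bytes:
    # Sign path, firm and expiry together so none can be changed on its own.
    msg = f"{path}\n{firm_id}\n{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest().encode()


def sign_url(path: str, firm_id: str, now: int) -> str:
    """Issue a download link for `path`, valid for TTL_SECONDS from `now`."""
    expires = now + TTL_SECONDS
    sig = _mac(path, firm_id, expires).decode()
    return f"{path}?{urlencode({'firm_id': firm_id, 'expires': expires, 'sig': sig})}"


def verify_url(url: str, session_firm_id: str, now: int) -> str:
    """Return 'ok', or the reason the download is refused."""
    parts = urlsplit(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    try:
        firm_id, expires, sig = q["firm_id"], int(q["expires"]), q["sig"]
    except (KeyError, ValueError):
        return "malformed"
    # Check the signature first, in constant time, before trusting any field.
    if not hmac.compare_digest(sig.encode(), _mac(parts.path, firm_id, expires)):
        return "bad_signature"
    if now >= expires:
        return "expired"
    # Firm scoping: a valid link only works for the firm it was issued to.
    if firm_id != session_firm_id:
        return "wrong_firm"
    return "ok"


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed timestamp
    link = sign_url("/documents/42.pdf", "firm-a", t0)
    print(verify_url(link, "firm-a", t0 + 60))           # within the TTL
    print(verify_url(link, "firm-a", t0 + TTL_SECONDS))  # at expiry
    print(verify_url(link, "firm-b", t0 + 60))           # another firm's session
```
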

Comprehensive Audit Trail

Every query, every response, every citation is timestamped and stored. Designed to support your firm's compliance and record-keeping needs.

  • Timestamped records of all AI queries and responses
  • Activity logs scoped per firm for review
  • Citation tracking tied to source documents
  • Application-level write-only logging for query history

Every

query logged

AI Data Handling

Your data is never used to train AI models. Queries are processed in real time and are not retained by AI providers. Payment data never touches our servers.

  • Zero data used for AI model training
  • Real-time processing, no provider retention
  • No credit card data stored (Paddle handles payments)
  • HMAC-verified webhook security for billing events

Zero

data used for training
