Security & Compliance
Enterprise-Grade Security
Your data is your alpha. We protect it with the same rigor you would expect from a prime broker - because we have built systems for them.
GDPR
Ready
SEC / FINRA
Compatible
CCPA
Compliant
SOC 2 Type II
On Roadmap
Security Features
Defense in Depth
Multiple layers of security controls protect your data at every stage of the pipeline - from ingestion to delivery.
Encryption in Transit
All data transmitted between clients and the platform is encrypted via TLS 1.3. Connections are mutually authenticated and sessions are time-limited. Storage-layer encryption configuration is documented per engagement.
Role-Based Access Control
Granular RBAC with entity-level permissions. Control who sees what across funds, entities, and data domains. SSO integration available; MFA enforced for all production users.
Audit Logging
Data access, modification, and export events are logged with user identity, timestamp, and context. Audit log retention policy and review tooling defined per engagement to match your regulatory framework.
Data Residency
Deployment region is agreed at contract. US-based deployment is standard. EU and APAC options available for clients with jurisdiction-specific data sovereignty requirements.
Security Review Program
Security architecture documentation, data flow diagrams, and completed vendor security questionnaire responses are provided to qualified prospects under NDA. SOC 2 readiness programme on roadmap; control documentation available under NDA.
Responsible Disclosure
We operate a responsible disclosure program. Security findings reported through our contact channel are reviewed and acknowledged within 48 hours. Vulnerability scanning runs continuously across the production stack.
Compliance
Built for Regulated Industries
Alternative asset managers face unique regulatory requirements. PlexiFact is architected to support SEC, FINRA, and GDPR compliance from the ground up - not as an afterthought.
- Immutable audit logs with complete data lineage for regulatory review
- Automated compliance reporting for SEC Form PF, CPO-PQR, and AIFMD
- Data subject access requests (DSAR) handled through built-in governance tools
- Configurable data retention policies per jurisdiction and entity
- Real-time monitoring and alerting on compliance-relevant data changes
Certifications & Standards
GDPR
Ready
Data processing agreements, EU data residency, DSAR workflows, and right-to-erasure support.
SEC / FINRA
Compatible
Books and records retention compatible with Rule 17a-4. Complete audit trail and granular access controls.
CCPA
Compliant
California consumer privacy compliance with automated handling and disclosure capabilities.
SOC 2 Type II
On Roadmap
Audit programme on roadmap. Current control set and security documentation available under NDA on request.
Request Security Documentation
We share security architecture documentation, data flow diagrams, and completed vendor security questionnaire responses under NDA. SOC 2 readiness on roadmap - reach out for current control set under NDA.