How your client data is handled.

• Where the data lives.

  Every piece of client information stays on a computer we install at your office. You hold the hardware. Your IT firm controls who can touch it. The system we put on it works without an internet connection.

• When the cloud is used.

  We use cloud AI only for work that doesn't touch a client. Public filings, generic templates, market data. Those calls go to a vendor that does not store them. We log every call so an auditor can see what was sent and what came back.

• What gets recorded.

  Every action the system takes is written to a record that cannot be edited or deleted later. Every input, every output, every decision. We keep that record for as long as your industry requires.

• How clients are kept apart.

  Each client's data is fenced off from every other client's. The system can't pull a record for one client into a workflow for another. It is structural, not a policy you have to trust us to follow.

• What happens if something breaks.

  If a problem shows up, you hear from us within 72 hours, in writing. A leak, a wrong output, a system failure. Our standard agreement puts that in your file.

• Who else can touch the system.

  Your IT firm gets the access they need to keep things running and nothing more. Their credentials rotate on a schedule. Their access is logged. They can troubleshoot the box; they cannot read what's on it.

The rules we already work to.

Every investment adviser registered or required to be registered under section 203 of the Act shall make and keep true, accurate and current the following books and records relating to its investment advisory business…

SEC Rule 204-2 (Books and Records)

What it asks: Investment advisers must keep accurate records for at least five years.What we do: Every system action is logged for six years. The first five are immediately accessible.

Rule 17a-4(f)(2) (Records that can't be rewritten)

What it asks: Records have to be stored in a way that can't be altered after the fact.What we do: Logs are append-only. There is no edit operation. There is no delete operation.

Marketing Rule 206(4)-1

What it asks: Adviser marketing has to avoid misleading claims and stay supervisable.What we do: Every page on this site is in plain English with no claims we can't back up. We can build a marketing pre-check workflow if you want one.

Those are the SEC rules. For firms in other regulated industries (insurance, healthcare, legal, accounting), we map the same architecture to the rules that govern you. FINRA, NAIC model rules, HIPAA, your state bar. The system doesn't change; the framework references do.

How we scope a workflow.

Every workflow is written down before a single line of code. We document what the system is allowed to see, what it is allowed to say, and where its output lands. That document is the first thing we hand you, not the last. It is why our work passes audits.

Want to see the full data-handling document?

We send it before any contract gets signed. Tell us where to send it.