Trust, but verify

Last updated: May 27, 2026 · Everything you need for due diligence: how we secure your data, how our AI is trained and validated, where we stand with regulators, and how to reach the security team.

Data security

How we protect your data and keep financial information confidential, accurate, and available.

Infrastructure and encryption

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • AWS infrastructure with multi-region redundancy
  • Encrypted backups with 30-day retention
  • Network segmentation and firewalls

Access controls

  • Multi-factor authentication (MFA) required
  • Role-based access control (RBAC)
  • Session timeout after 30 minutes of inactivity
  • IP allowlisting available for enterprise clients
  • Audit logs for all access events

Monitoring and response

  • 24/7 security monitoring and alerting
  • Intrusion detection and prevention systems
  • Annual penetration testing by third parties
  • Incident response plan with defined SLAs
  • Responsible disclosure program

Certifications and compliance

Annual SOC 2 Type II audit completed.

  • GDPR-compliant data handling
  • CCPA-compliant for California users

AI methodology

How our AI works: how models are trained, how outputs are validated, and where the limits are. Written for anyone doing due diligence on the platform.

Model architecture

Finapolis runs a hybrid architecture: LLMs, deterministic financial models, rule-based systems, and machine learning for pattern recognition.

  • Large language models (LLMs) for natural language processing and query interpretation
  • Deterministic financial models for calculations and quantitative analysis
  • Rule-based systems for regulatory compliance checks
  • Machine learning models for pattern recognition in market data

Training data sources

Our models are trained on verified financial data from institutional providers. All third-party data is validated against primary sources before training.

Output validation and flagging

Every AI-generated output carries:

  • Clear AI-generated content labeling
  • Confidence scores for predictions and recommendations
  • Source attribution for all data points
  • Timestamp of data freshness
  • Audit trail linking output to source data

Known limitations

  • AI outputs are informational only and do not constitute investment advice
  • Models may exhibit bias present in historical market data
  • Performance in unprecedented market conditions may be unpredictable
  • Users must independently verify all outputs before making investment decisions

Regulatory posture

Where Finapolis stands: our regulatory status, our limits, and what we are responsible for. Stated plainly for due diligence.

Registration status

Finapolis is NOT a registered investment advisor, broker-dealer, or financial institution. We are a software provider. We give you the tools and the data, and the decisions stay yours.

  • Software-as-a-Service (SaaS) provider only
  • No custody of client funds or securities
  • No discretionary authority over client accounts

Our compliance obligations

As a software provider, we maintain:

  • Data privacy compliance (GDPR, CCPA)
  • Cybersecurity standards (SOC 2 Type II)
  • Terms of Service clearly stating limitations
  • Accessibility standards (WCAG 2.1)
  • Transparent AI disclosure practices

Client responsibilities

Firms and professionals using Finapolis remain responsible for:

  • Independent verification of all data and outputs
  • Compliance with their own regulatory obligations
  • Suitability determinations for client recommendations
  • Disclosure of third-party tool usage to clients
  • Recordkeeping and supervision requirements

Audit trail and recordkeeping

To support your compliance obligations, Finapolis provides:

  • Complete activity logs for all user actions
  • Exportable reports with timestamps and data sources
  • Version history for portfolio and analysis changes
  • Data retention for 7 years (configurable)
  • API access for integration with compliance systems

Contact the security team

Security inquiries

For general security questions or due diligence requests:

support@finapolis.com

Response time: 2 business days

Vulnerability disclosure

To report a security vulnerability:

support@finapolis.com

Response time: 24 hours

Responsible disclosure policy

  • Report vulnerabilities privately by email. PGP encryption is available on request.
  • Allow reasonable time for remediation before public disclosure.
  • We acknowledge receipt within 24 hours and provide a remediation timeline within 5 business days.