Trust & Security
How Finapolis approaches data security, AI methodology, and regulatory posture — for financial professionals conducting due diligence.
Data Security
Our infrastructure and processes are designed to protect client data and maintain the confidentiality, integrity, and availability of financial information.
Our Approach to Data Security
Protecting the financial and personal data investment professionals entrust to us is foundational to Finapolis. As we grow, we are building our security program around established principles:
- Defense in depth across our infrastructure and application
- Least-privilege access — only what each role needs
- Privacy by design in how we collect and handle data
Built on Trusted Infrastructure
Finapolis runs on established, industry-standard cloud infrastructure, with the platform served over encrypted (HTTPS) connections.
- Reputable, widely used cloud platform
- Encrypted connections for data in transit
A Maturing Security Program
Security is an ongoing discipline, not a one-time milestone. As the platform scales, we continue to strengthen our practices — and we welcome reports of any potential issues.
- Continuous improvement as the platform grows
- A clear channel for responsible disclosure
Certifications & Standards
We're early in our journey as a commercial platform. As we scale, we're working toward the independent audits and certifications expected of financial-technology providers — and we'll publish them here as we achieve them.
In the meantime, we're glad to discuss our security practices directly.
AI Methodology
A plain-language overview of how our AI works, the data it draws on, and its limitations — for professionals evaluating our platform.
Model Architecture
Finapolis combines several approaches rather than relying on a single model:
- Large language models (LLMs) for natural-language understanding
- Deterministic financial models for calculations and quantitative analysis
- Rule-based logic for consistency and guardrails
- Pattern recognition over market data
Data Sources
We draw on established financial data sources, including:
We work to validate third-party data against primary sources.
Transparency in Output
Where applicable, AI-generated output is designed to include:
- Clear labeling of AI-generated content
- Attribution to the data it draws on
- An indication of how current that data is
Known Limitations
- AI outputs are informational only and do not constitute investment advice
- Models may exhibit bias present in historical market data
- Performance in unprecedented market conditions may be unpredictable
- Users must independently verify all outputs before making investment decisions
Regulatory Posture
A clear statement of Finapolis's regulatory status, the limits of our service, and our commitments — for your due diligence.
Registration Status
- Software-as-a-Service (SaaS) provider only
- No custody of client funds or securities
- No discretionary authority over client accounts
Our Commitments
As a technology provider serving regulated professionals, we are committed to:
- Being transparent about what our platform does — and does not — do
- Clearly stating the limits of our service in our Terms of Service
- Open disclosure of how and where we use AI
- Handling user data responsibly and protecting privacy
- Adopting recognized security and accessibility standards as we mature
Client Responsibilities
RIAs and financial professionals using Finapolis remain responsible for:
- Independent verification of all data and outputs
- Compliance with their own regulatory obligations (SEC, FINRA, state regulators)
- Suitability determinations for client recommendations
- Disclosure of third-party tool usage to clients
- Recordkeeping and supervision requirements
Records & Oversight
Recordkeeping and oversight matter to the professionals we serve. As the platform matures, we are expanding the tools that support them, such as:
- Activity history within the platform
- Exportable reports of your work
Trust Information by Audience
Trust and security topics relevant to the different professionals who use Finapolis.
Registered Investment Advisors
Key considerations:
- Supervisory oversight and audit trails
- How client data is handled
- Disclosure of third-party tool usage
Learn more:
Compliance Officers
Key considerations:
- Our approach to security and data protection
- Vendor due diligence and third-party risk
- Access controls and monitoring
Learn more:
Sophisticated Investors
Key considerations:
- Data accuracy and sourcing
- AI transparency and its limitations
- Protection of personal financial data
Learn more:
Contact Security Team
For security inquiries, vulnerability reports, or additional due diligence documentation.
Responsible Disclosure
- Please report potential vulnerabilities privately, by email
- Allow us reasonable time to investigate and remediate before any public disclosure
- We'll acknowledge legitimate reports and keep you updated as we work to resolve them