Trust & Security

How Finapolis approaches data security, AI methodology, and regulatory posture — for financial professionals conducting due diligence.

Data Security

Our infrastructure and processes are designed to protect client data and maintain the confidentiality, integrity, and availability of financial information.

Our Approach to Data Security

Protecting the financial and personal data investment professionals entrust to us is foundational to Finapolis. As we grow, we are building our security program around established principles:

  • Defense in depth across our infrastructure and application
  • Least-privilege access — only what each role needs
  • Privacy by design in how we collect and handle data

Built on Trusted Infrastructure

Finapolis runs on established, industry-standard cloud infrastructure, with the platform served over encrypted (HTTPS) connections.

  • Reputable, widely used cloud platform
  • Encrypted connections for data in transit

A Maturing Security Program

Security is an ongoing discipline, not a one-time milestone. As the platform scales, we continue to strengthen our practices — and we welcome reports of any potential issues.

  • Continuous improvement as the platform grows
  • A clear channel for responsible disclosure

Certifications & Standards

We're early in our journey as a commercial platform. As we scale, we're working toward the independent audits and certifications expected of financial-technology providers — and we'll publish them here as we achieve them.

In the meantime, we're glad to discuss our security practices directly.

AI Methodology

A plain-language overview of how our AI works, the data it draws on, and its limitations — for professionals evaluating our platform.

Model Architecture

Finapolis combines several approaches rather than relying on a single model:

  • Large language models (LLMs) for natural-language understanding
  • Deterministic financial models for calculations and quantitative analysis
  • Rule-based logic for consistency and guardrails
  • Pattern recognition over market data

Data Sources

We draw on established financial data sources, including:

Training data sources: Massive, Tiingo, FRED, and SEC EDGAR API

We work to validate third-party data against primary sources.

Transparency in Output

Where applicable, AI-generated output is designed to include:

  • Clear labeling of AI-generated content
  • Attribution to the data it draws on
  • An indication of how current that data is

Known Limitations

  • AI outputs are informational only and do not constitute investment advice
  • Models may exhibit bias present in historical market data
  • Performance in unprecedented market conditions may be unpredictable
  • Users must independently verify all outputs before making investment decisions

Regulatory Posture

A clear statement of Finapolis's regulatory status, the limits of our service, and our commitments — for your due diligence.

Registration Status

Finapolis is NOT a registered investment adviser. We are a financial technology (fintech) provider serving investment professionals. We do not provide investment advice, execute trades, or manage client assets.
  • Software-as-a-Service (SaaS) provider only
  • No custody of client funds or securities
  • No discretionary authority over client accounts

Our Commitments

As a technology provider serving regulated professionals, we are committed to:

  • Being transparent about what our platform does — and does not — do
  • Clearly stating the limits of our service in our Terms of Service
  • Open disclosure of how and where we use AI
  • Handling user data responsibly and protecting privacy
  • Adopting recognized security and accessibility standards as we mature

Client Responsibilities

RIAs and financial professionals using Finapolis remain responsible for:

  • Independent verification of all data and outputs
  • Compliance with their own regulatory obligations (SEC, FINRA, state regulators)
  • Suitability determinations for client recommendations
  • Disclosure of third-party tool usage to clients
  • Recordkeeping and supervision requirements

Records & Oversight

Recordkeeping and oversight matter to the professionals we serve. As the platform matures, we are expanding the tools that support them, such as:

  • Activity history within the platform
  • Exportable reports of your work

Trust Information by Audience

Trust and security topics relevant to the different professionals who use Finapolis.

Registered Investment Advisors

Key considerations:

  • Supervisory oversight and audit trails
  • How client data is handled
  • Disclosure of third-party tool usage

Learn more:

Compliance Officers

Key considerations:

  • Our approach to security and data protection
  • Vendor due diligence and third-party risk
  • Access controls and monitoring

Learn more:

Sophisticated Investors

Key considerations:

  • Data accuracy and sourcing
  • AI transparency and its limitations
  • Protection of personal financial data

Learn more:

Contact Security Team

For security inquiries, vulnerability reports, or additional due diligence documentation.

Security Inquiries

For general security questions or due diligence requests:

support@finapolis.com

Vulnerability Disclosure

To report a security vulnerability:

support@finapolis.com

Responsible Disclosure

  • Please report potential vulnerabilities privately, by email
  • Allow us reasonable time to investigate and remediate before any public disclosure
  • We'll acknowledge legitimate reports and keep you updated as we work to resolve them