Security & Trust

Toolkit handles sensitive financial data with the controls and transparency enterprise finance teams expect.

End-to-end encryption

We protect your data at every stage. All information is secured with industry-standard TLS encryption in transit and AES-256 encryption at rest.

Zero data retention

LLM providers operate under zero-retention agreements. Your data is never used to train models.

Private cloud infrastructure

Toolkit runs inside a Google Cloud VPC with private networking, IAM-based database authentication, and default-deny firewall rules.

Data segregation

Customer data is logically separated at the database level with access enforced at the API layer.

Least privilege access

Role-based access controls follow least-privilege and need-to-know principles.

Continuous monitoring

24/7 automated infrastructure monitoring with real-time alerting on anomalies.

SOC 2® Type 2 compliant

Toolkit has completed an independent SOC 2® Type 2 audit. The full report and details of our security controls are available in our Trust Center.

AICPA SOC 2 — SOC for Service Organizations
Visit Trust Center