Security

5 layers between your data
and everything else.

Your financial data passes through 5 layers of protection. Each one is designed to ensure nothing gets in and nothing leaks out.

05

Outermost Layer

Authentication

Stops threats before they enter

  • OAuth 2.0 for all third-party integrations
  • Brute force protection and rate limiting on every endpoint
  • Automatic session timeout and refresh token rotation
  • Account lockout after failed attempts

04

Encryption Layer

AES-256 Encryption

Your data is unreadable without the keys

  • All data encrypted in transit using TLS 1.3
  • All data encrypted at rest using AES-256
  • Sensitive fields (bank numbers, tokens) use column-level encryption
  • Encryption keys rotated on a regular schedule

03

Isolation Layer

Tenant Isolation

Your data never touches another client’s

  • Every database query hard-scoped by your Tenant ID
  • Row Level Security (RLS) enforced at the database level
  • Cache keys namespaced per tenant
  • AI embeddings isolated per tenant — zero cross-contamination
  • Automated tests verify isolation on every code change

02

Intelligence Layer

Traceable AI

Every answer has a data trail

  • Every AI response logs exactly which data sources were used
  • Ask ‘why did you say this?’ and see the full reasoning path
  • Complete audit log of every action — who, what, when
  • Your data is NEVER used to train models for other clients

01

Core

Your Data

Fully sovereign. Always yours.

  • We read your data to provide insights — we never sell it
  • Export your complete data at any time
  • Right to delete: request full purge anytime
  • 90-day retention after cancellation, then permanent deletion
  • Opt-in only for any feedback or learning features

5 layers active. Your data is protected.


How We Build

Development Practices

Vulnerability Scanning

Automated security scanning on every deployment. Dependencies monitored continuously.

Dependency Updates

Automated monitoring. No stale packages with known vulnerabilities ship to production.

Audit Logging

Complete audit trail from day one. Every change, every action, every timestamp.

Access Control

Principle of least privilege. Internal access restricted, logged, and reviewed.

Our Pledge

Plain English Commitments

No legal jargon. Just what we promise.

We will never sell your financial data.

We will never use your data to train models for other clients without your explicit opt-in.

We will always tell you exactly what data we access and why.

We will delete your data completely within 90 days of cancellation.

We will notify you immediately if we detect any security incident.

We will always let you export your full data at any time.

— The EverCFO Team

Your data is protected.
Start with confidence.

  • AES-256 encrypted
  • Tenant isolated
  • Full audit trail

Questions? security@evercfo.ai