Security and trust — what we did, what we don't claim

Mandatory MFA on every login. Per-CompanyCode credential isolation. AES-256 at rest. Row-level security in the database. Multi-provider AI with per-tenant model pick. We tell you exactly what we built — and exactly what we haven't certified yet.


Authentication

Per-CompanyCode credential isolation

Every external credential — SAP, Azure OCR, Azure Blob, Gemini, Anthropic, OpenAI, SMTP — is stored AES-256-encrypted in CompanyTechnicalSettings, scoped per CompanyCode. No credential lives in code. No credential is shared across tenants.

A multi-CompanyCode group rotates a SAP user password for one CompanyCode without touching the others. A pilot customer tries Anthropic in their dev tenant while production stays on Gemini. A regional entity points OCR at a different Azure tenant for data residency.

This is not bolt-on — it's how the schema is shaped.
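The property described above, one encrypted credential row per CompanyCode that cannot be read under another tenant's context, can be shown in code. The following is an added example written for this page, not Fin4Sight's own code: it assumes AES-256-GCM as the cipher mode (the page says only AES-256), a per-CompanyCode key derived from one master key, and column names that stand in for whatever CompanyTechnicalSettings actually uses. The master key is a constructed constant for the demo; in production it would come from a KMS or HSM.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// demoMasterKey is a constructed 32-byte key for this example only. In a real
// deployment the master key comes from a KMS or HSM, never from source.
var demoMasterKey = []byte("example-master-key-32-bytes-long")

// CredentialRecord models one row of a per-CompanyCode settings table (the
// page names it CompanyTechnicalSettings; these column names are assumptions).
type CredentialRecord struct {
	CompanyCode string
	Provider    string // "SAP", "SMTP", "Gemini", ...
	Nonce       []byte
	Ciphertext  []byte // AES-256-GCM output with the 16-byte tag appended
}

// tenantKey derives a separate AES-256 key per CompanyCode from the master key
// with one HMAC-SHA256 (HKDF-Expand) block. Keys for different CompanyCodes are
// unrelated, so rotating or exposing one never touches another.
func tenantKey(master []byte, companyCode string) []byte {
	mac := hmac.New(sha256.New, master)
	mac.Write([]byte("credential-key/v1\x00" + companyCode + "\x01"))
	return mac.Sum(nil) // 32 bytes
}

// aad binds the ciphertext to the (CompanyCode, provider) pair it was stored
// under: a row copied to another tenant or relabelled as a different provider
// fails authentication even if the key were somehow the same.
func aad(companyCode, provider string) []byte {
	return []byte(companyCode + "\x00" + provider)
}

func newGCM(master []byte, companyCode string) (cipher.AEAD, error) {
	block, err := aes.NewCipher(tenantKey(master, companyCode))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts one external credential for one CompanyCode.
func Seal(master []byte, companyCode, provider string, secret []byte) (CredentialRecord, error) {
	gcm, err := newGCM(master, companyCode)
	if err != nil {
		return CredentialRecord{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return CredentialRecord{}, err
	}
	ct := gcm.Seal(nil, nonce, secret, aad(companyCode, provider))
	return CredentialRecord{CompanyCode: companyCode, Provider: provider, Nonce: nonce, Ciphertext: ct}, nil
}

// Open decrypts under the caller's tenant context (ctxCompanyCode), deliberately
// not under the CompanyCode stored on the row: a request running as tenant 2000
// cannot read tenant 1000's credential even if the row is handed to it.
func Open(master []byte, ctxCompanyCode string, rec CredentialRecord) ([]byte, error) {
	gcm, err := newGCM(master, ctxCompanyCode)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, rec.Nonce, rec.Ciphertext, aad(ctxCompanyCode, rec.Provider))
	if err != nil {
		return nil, errors.New("credential is not valid for this CompanyCode/provider")
	}
	return pt, nil
}

func main() {
	sap1000, _ := Seal(demoMasterKey, "1000", "SAP", []byte("old-sap-password"))
	sap2000, _ := Seal(demoMasterKey, "2000", "SAP", []byte("other-tenant-password"))

	// Rotate tenant 1000's SAP password: only that row is rewritten.
	sap1000, _ = Seal(demoMasterKey, "1000", "SAP", []byte("new-sap-password"))

	pt, err := Open(demoMasterKey, "1000", sap1000)
	fmt.Printf("tenant 1000 reads own credential: %q err=%v\n", pt, err)
	pt, err = Open(demoMasterKey, "2000", sap2000)
	fmt.Printf("tenant 2000 still reads its own: %q err=%v\n", pt, err)
	_, err = Open(demoMasterKey, "2000", sap1000)
	fmt.Println("tenant 2000 reading tenant 1000's row:", err)
}
```

The two layers are deliberate. Per-tenant key derivation means a rotation or a leak in one CompanyCode is contained to that CompanyCode; the AAD means that even a row that is moved, relabelled or spliced by an application bug fails to authenticate rather than decrypting under the wrong context.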

Multi-provider AI with per-tenant pick

Gemini is the default LLM; Anthropic and OpenAI are live alternative adapters. Each tenant has a model picker backed by a live ListModels call to the provider, so newly released models become available without a redeploy. Pick per tenant, per CompanyCode, per use case.

Why it matters: data residency, cost, and provider-risk diversification. A GCC customer can pin their model choice to a region; a cost-sensitive team can prefer Gemini Flash; a regulated team can pick the model that fits their procurement.

Role hierarchy

The 7 roles, top to bottom:

Database isolation

PostgreSQL with row-level security policies on 35+ tenant tables. The tenant context is set per request and the database enforces visibility: a read that reaches outside the tenant returns no rows, and a write that would touch another tenant's row is rejected, even if an application bug built the query. PostgreSQL applies these policies only to a database role that neither owns the tables nor holds BYPASSRLS, which is the point to confirm in a review.

Hosting and data residency

Google Cloud Run for compute. Google Cloud SQL for PostgreSQL. Azure Blob Storage for document storage. Region selection per tenant where supported. We list the regions and providers explicitly because some buyers (GCC, EU) need to know.

What we don't (yet) claim

We have not yet been certified against SOC 2, ISO 27001 or any other formal compliance regime, and we do not yet publish a GDPR data processing agreement (DPA). We've engineered toward those frameworks. We can share the engineering controls we've shipped, in a written architecture brief, under NDA.

If you need a certification today, we are not your fit today. If you need to evaluate a platform that's engineered toward those certifications and is willing to be specific about which controls are in place, we are.

Frequently asked questions

Is Fin4Sight SOC 2 certified?

Not yet. Engineering controls are in place. A written architecture brief is available under NDA.

Where does my data live?

PostgreSQL on Google Cloud SQL. Document blobs on Azure Blob Storage. Region selection per tenant where the provider supports it.

What MFA factors are supported?

TOTP (authenticator app) only; no SMS and no email fallback. Each user gets 10 single-use recovery codes, stored as SHA-256 hashes.
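What "10 single-use SHA-256 recovery codes" implies server-side, as an added example written for this page rather than Fin4Sight's code: the server keeps only digests, consumes a slot on first use, and tolerates the ways users retype codes. The code format, the 80-bit entropy per code and the base32 alphabet are assumptions; the page states only the count and the hash.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base32"
	"fmt"
	"strings"
)

const (
	recoveryCodeCount = 10
	recoveryCodeBytes = 10 // 80 bits of entropy per code (assumption for this example)
)

// RecoveryCodeSet is what the server keeps per user: only SHA-256 digests of the
// codes, never the codes themselves, plus a used flag per slot. Plain SHA-256
// (no salt, no slow KDF) is adequate here because each code carries 80 random
// bits; that is not true of user-chosen passwords, which need a password hash.
type RecoveryCodeSet struct {
	Hashes [recoveryCodeCount][sha256.Size]byte
	Used   [recoveryCodeCount]bool
}

// normalize tolerates how users retype codes: case, spaces and separators.
func normalize(code string) string {
	code = strings.ToUpper(code)
	return strings.NewReplacer("-", "", " ", "").Replace(code)
}

func hashCode(code string) [sha256.Size]byte {
	return sha256.Sum256([]byte(normalize(code)))
}

// GenerateRecoveryCodes mints 10 fresh codes, returning the plaintext codes to
// show the user exactly once and the hash set to persist. Calling it again
// (for example on a MasterAdmin reset) replaces the whole set.
func GenerateRecoveryCodes() ([]string, *RecoveryCodeSet, error) {
	enc := base32.StdEncoding.WithPadding(base32.NoPadding)
	codes := make([]string, recoveryCodeCount)
	set := &RecoveryCodeSet{}
	for i := range codes {
		raw := make([]byte, recoveryCodeBytes)
		if _, err := rand.Read(raw); err != nil {
			return nil, nil, err
		}
		s := enc.EncodeToString(raw) // 10 bytes -> exactly 16 chars of A-Z2-7
		codes[i] = s[:4] + "-" + s[4:8] + "-" + s[8:12] + "-" + s[12:]
		set.Hashes[i] = hashCode(codes[i])
	}
	return codes, set, nil
}

// Redeem consumes a code if it matches an unused slot. It walks every slot
// rather than returning early so timing does not reveal which slot matched;
// the compare itself is constant-time.
func (s *RecoveryCodeSet) Redeem(code string) bool {
	h := hashCode(code)
	matched := -1
	for i := range s.Hashes {
		if subtle.ConstantTimeCompare(s.Hashes[i][:], h[:]) == 1 && !s.Used[i] {
			matched = i
		}
	}
	if matched < 0 {
		return false
	}
	s.Used[matched] = true // single use: the same code is rejected from now on
	return true
}

// Remaining reports how many codes the user has left, so the UI can warn them
// to regenerate before they run out.
func (s *RecoveryCodeSet) Remaining() int {
	n := 0
	for _, u := range s.Used {
		if !u {
			n++
		}
	}
	return n
}

func main() {
	codes, set, err := GenerateRecoveryCodes()
	if err != nil {
		panic(err)
	}
	fmt.Println("first code:", codes[0])
	fmt.Println("redeem:", set.Redeem(strings.ToLower(codes[0])))
	fmt.Println("redeem again:", set.Redeem(codes[0]))
	fmt.Println("remaining:", set.Remaining())
}
```

The thing to check when reviewing any recovery-code implementation is the pairing of entropy and hash: a fast hash such as SHA-256 is only safe because the codes are long and random, and a code that is short enough to type from memory would need a slow hash and rate limiting instead.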

Who can reset MFA?

Only MasterAdmin. By design.

Review our security build with us

Bring your CIO and your IT security lead. We'll walk through every control on this page with the engineering detail behind it.
