Security & Trust

Controls designed for institutional scrutiny.

Isolation, permissions, immutable logs, and controlled transitions are built into every workflow execution path.

Identity + Scope
Control Check
Immutable Evidence
Access control: RBAC + fund entitlements
Isolation: Tenant boundary enforcement
Auditability: Immutable event trace
Operational readiness: Runbooks and pilot gates

Security architecture

01. Scope enforcement

Six roles (Admin, CFO, Controller, IR, Compliance, Investment) with fund-level entitlements constraining every action to authorized scope. Chinese walls enforced via explicit fund access lists in JWT claims.

02. Data boundary control

Multi-tenant isolation with tenant_id on every business table. SQLAlchemy middleware auto-filters all queries. AES-256-GCM encryption on sensitive fields: TIN, IBAN, passport numbers.

03. Audit immutability

Database triggers prevent UPDATE and DELETE on audit_logs and calc_runs. Journal entries are reversed, never edited. Waterfall runs transition to SUPERSEDED, never modified in place.
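
An added illustration of the append-only trigger pattern described above (not this product's own code): it uses Python's built-in sqlite3 as a stand-in for PostgreSQL. Only the table name audit_logs comes from the page; the columns and the sample row are constructed assumptions.

```python
import sqlite3

# Assumed minimal schema; only the table name audit_logs is from the page.
SCHEMA = """
CREATE TABLE audit_logs (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    actor     TEXT NOT NULL,
    action    TEXT NOT NULL
);
-- Reject any change to an existing row, whoever issues it.
CREATE TRIGGER audit_logs_no_update BEFORE UPDATE ON audit_logs
BEGIN
    SELECT RAISE(ABORT, 'audit_logs is append-only: UPDATE rejected');
END;
CREATE TRIGGER audit_logs_no_delete BEFORE DELETE ON audit_logs
BEGIN
    SELECT RAISE(ABORT, 'audit_logs is append-only: DELETE rejected');
END;
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def attempt(conn, sql, params=()):
    """Run one statement in its own transaction; return 'ok' or the error text."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(sql, params)
        return "ok"
    except sqlite3.DatabaseError as exc:
        return str(exc)

def demo():
    conn = open_db()
    results = [
        attempt(conn,
                "INSERT INTO audit_logs (tenant_id, actor, action) VALUES (?, ?, ?)",
                ("tenant-a", "controller@example.test", "capital_call.approve")),
        attempt(conn, "UPDATE audit_logs SET actor = 'someone-else' WHERE id = 1"),
        attempt(conn, "DELETE FROM audit_logs WHERE id = 1"),
    ]
    # The original row must survive both tampering attempts unchanged.
    surviving = conn.execute("SELECT count(*), min(actor) FROM audit_logs").fetchone()
    return results, surviving

if __name__ == "__main__":
    print(demo())
```

In PostgreSQL the same control is a BEFORE UPDATE OR DELETE row trigger whose function raises an exception. Row-level triggers do not fire on TRUNCATE, so that privilege has to be revoked or blocked with a statement-level trigger as well.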

04. Idempotency and state guards

Idempotency-Key headers required on 12 sensitive endpoints. Status machines enforce valid transitions only. No accidental duplicate operations on capital calls, distributions, or waterfall runs.

Production architecture

Hosting

AWS eu-north-1 (Stockholm). GDPR-compliant EU jurisdiction. NGINX reverse proxy with TLS, rate limiting, and security headers (HSTS, CSP, X-Frame-Options).

Data layer

PostgreSQL 16 with pgcrypto, pg_trgm, and btree_gist extensions. Redis 7 for Celery task broker and caching. MinIO for document storage.

Monitoring

Prometheus metrics collection with Grafana dashboards. Sentry error tracking. Structured logging via structlog with correlation IDs across requests.

Review our security controls

Schedule a walkthrough of RBAC, tenant isolation, audit immutability, and encryption architecture.