Security and compliance
Security and compliance.
Customer capital and personal data require a defensible operational posture. Security and compliance are integrated into engineering from the outset.
01
Swiss data residency
Customer data is held in Switzerland by default. Workload locations are disclosed and client-specific residency requirements are accommodated.
02
Encryption
TLS 1.2+ in transit. AES-256 at rest. Key management is isolated from the application plane. High-value secrets are stored in hardware-backed key stores.
03
Regulatory frameworks
Compliance with the Swiss Federal Act on Data Protection, the EU General Data Protection Regulation where applicable, and FinSA / FinIA for financial-services contexts.
04
Operational controls
Least-privilege access, audit logging on sensitive operations, deployment gating, and secret rotation.