Back to home

Security at Ceewire

Enterprise-grade protection for your financial intelligence. Your data is safeguarded at every layer.

Your Data. Your Control.

No AI Training on Your Data

Your proprietary data is never used to train AI models. Your queries and documents remain exclusively yours.

Encrypted Everywhere

All data is encrypted in transit (TLS) and at rest. Sensitive fields — including chat messages, webhook URLs, and email addresses — are encrypted at the application level using AES-128 with HMAC verification. Passwords are stored using NIST-compliant hashing.

Instant Session Control

Short-lived access tokens, secure session rotation, and instant revocation across all devices when you change your password or log out.

Secure by Design

Authentication & Access Control

  • Every request is authenticated — no implicit trust
  • Change your password and all existing sessions are immediately invalidated
  • Organization-based data isolation — your data is separated from other tenants
  • Platform admin roles with dedicated enforcement

Coming soon

  • Granular Role-Based Access Control (RBAC)
  • Multi-Factor Authentication (MFA)
  • SAML SSO, SCIM provisioning, and Directory Sync
Application Security

Input Validation

Every request is validated against strict schemas. Malformed or unexpected data is rejected before it reaches our systems.

Injection Protection

All database operations use parameterized queries. User input is never interpolated into commands.

Cross-Site Protection

Built-in defences against CSRF and XSS attacks, with strict cookie policies and automatic output sanitisation.

Infrastructure

Today

  • Automatic TLS termination with managed certificates
  • Strict cross-origin policies — only our production domain is allowed
  • Network isolation — databases are never exposed to the public internet
  • Rate limiting on public-facing endpoints
  • Minimal-surface containerised deployments
  • Application-level encryption at rest for sensitive database fields

Actively Pursuing

  • Comprehensive security headers (CSP, HSTS, and more)
  • Automated vulnerability scanning in CI/CD
  • Third-party penetration testing
  • Data region support (US / Europe) for residency requirements
Compliance & Privacy
No AI Training PolicyActive
Data Encryption in TransitActive
Data Encryption at RestActive
Password Security (NIST-compliant)Active
SOC 2 Type IIIn Progress
GDPRIn Progress
Bring Your Own LLMRoadmap
Single-Tenant DeploymentRoadmap
Monitoring

All API usage is logged per user and per session — including model, operation type, and resource consumption. All events are timestamped in UTC.

Coming soon: comprehensive audit trails for all data access and modifications.

Have security questions?

We're happy to discuss our security practices in detail.

Contact [email protected]