Security & Trust
Treated like financial infrastructure, because it is.
Every control is designed for a world where financial data is sensitive, regulated, and auditable. Trust is built into the architecture — not bolted on.
Compliance posture
Aligned to the standards your auditors expect.
- SOC 2 Type II: In progress
- ISO 27001: In progress
- UK GDPR: Aligned
- EU GDPR: Aligned
Detailed control documentation, sub-processor list, and incident response policy are available on request as part of vendor due diligence.
Control matrix
The controls behind the platform.
Data isolation
- Per-tenant database isolation by default
- Cross-tenant access only via auditable, time-boxed identifiers
- Read-only data resolution for shared records
Authentication & access
- OAuth 2.0 client-credentials for partner integrations
- Scoped API keys with explicit grant lists
- Role-based access control inside every tenant
- Session-scoped JWTs with rotation built in
Secrets & key management
- Argon2id hashing for credentials at rest
- Envelope-encrypted secrets via cloud KMS
- No production secrets in source control
- Quarterly rotation cadence
Auditability
- Immutable audit log for every consent attestation
- Tamper-resistant event log for assessment outputs
- Per-tenant retention policies aligned to regulatory minimums
Network & transport
- TLS everywhere, no plaintext endpoints
- Strict CORS and Content-Security-Policy
- Per-credential rate limiting against credential stuffing
Borrower consent
- Recorded consent attestation before any data ingestion
- Borrower-visible audit trail of every access
- Granular revocation at the data-source level
Build on the same financial intelligence layer your decisions depend on.
Fiscara is opening early access to lenders, accountants, and platforms who want financial assessments to feel like infrastructure — not a workflow.