Institutional-Grade Security

SOC 2 certified hosting

All Flonance infrastructure runs on AWS with SOC 2 Type II certified services. No infrastructure is self-managed or shared with third-party tenants.

Encryption at rest and in transit

All data is encrypted at rest using AES-256. All data in transit uses TLS 1.3. Encryption keys are managed via AWS KMS with automatic rotation.

VPC isolation

Each client environment runs in a dedicated Virtual Private Cloud. No cross-tenant networking. No shared compute.

Invite-only portal

Access to the Flonance platform requires an invitation from an existing admin. There is no self-serve signup.

Role-based permissions

Every user is assigned a role that defines exactly what they can see, review, and approve. Permissions are scoped to the portfolio company level.

MFA required

Multi-factor authentication is mandatory for all accounts. It cannot be disabled by users or firm administrators.

Every action logged

Each item processed by Flonance carries a complete provenance record: source document, extraction timestamp, confidence score, validation rules triggered, and the identity of the approving reviewer.

Immutable audit trail

Audit logs are write-once and cannot be modified or deleted by any user, including administrators. They are retained for a minimum of seven years.

Export on demand

Firms can export full audit trails at any time in structured formats compatible with standard audit tooling.

No funds movement — ever

Flonance does not have access to bank accounts, payment rails, or treasury systems. It can only draft ERP entries. It cannot initiate or authorize any financial transaction.

No action without human approval

No entry is posted to any ERP system without a named human approving it. This constraint is architectural, not configurable.

95% confidence threshold

Items that do not meet the 95% confidence threshold are routed to triage, not auto-posted. The threshold cannot be lowered by configuration.