How your data stays yours
A wealth practice can only trust software it can verify. Here is exactly how FLIORE keeps every organisation's — and every mandate's — data separated, and how we prove it.
The isolation layers
Organisation isolation
Every business table carries an org_id and a row-level-security policy that resolves it from the authenticated session server-side. One organisation can never read another's rows — the check runs in PostgreSQL, below the application.
Per-mandate client isolation
A portal client is bound to specific mandates. Restrictive policies limit them to exactly those mandates — and make the portal strictly read-only — so a client never sees another mandate's assets, KYC or documents.
Append-only audit trail
Audit entries can be written but not updated or deleted by organisation members. The record of who did what, when, is tamper-resistant at the database level.
Encryption & scoped access
Documents are encrypted at rest and served only through short-lived signed URLs; message bodies are encrypted; AI provider keys are encrypted and owner-only. Secrets are never exported.
Swiss data residency
Data is stored in Switzerland (Zurich region). Where a subprocessor operates elsewhere, a recognised transfer mechanism and encryption in transit apply. See the subprocessors list.
Proven on every deploy
The separation above is not just asserted. An automated isolation test suite spins up a fresh database, seeds two organisations and a portal client, and verifies — as those roles — that cross-organisation and cross-mandate access is impossible and that the audit log cannot be tampered with. It runs on every deploy.
On certifications — straight answer
FLIORE is not yet SOC 2 or ISO 27001 certified. Our controls are designed to those principles — tenant isolation, least-privilege access, encryption, audit logging, documented backup and incident practices — and formal certification is on our roadmap. We would rather tell you exactly where we stand and let you verify the architecture than imply a badge we don't hold. If certification is a procurement requirement for you, tell us in your pilot conversation and we'll map the timeline together.
