FLIORE
SECURITY ARCHITECTURE

How your data stays yours

A wealth practice can only trust software it can verify. Here is exactly how FLIORE keeps every organisation's — and every mandate's — data separated, and how we prove it.

Organisation AMandate A1assets · KYC · docsMandate A2assets · KYC · docsPortal client (Mandate A1)sees only A1 — never A2, never Org BRLS boundaryOrganisation BMandate B1fully invisible to Organisation AEnforced in the database, not the app layer

The isolation layers

Organisation isolation

Every business table carries an org_id and a row-level-security policy that resolves it from the authenticated session server-side. One organisation can never read another's rows — the check runs in PostgreSQL, below the application.

Per-mandate client isolation

A portal client is bound to specific mandates. Restrictive policies limit them to exactly those mandates — and make the portal strictly read-only — so a client never sees another mandate's assets, KYC or documents.

Append-only audit trail

Audit entries can be written but not updated or deleted by organisation members. The record of who did what, when, is tamper-resistant at the database level.

Encryption & scoped access

Documents are encrypted at rest and served only through short-lived signed URLs; message bodies are encrypted; AI provider keys are encrypted and owner-only. Secrets are never exported.

Swiss data residency

Data is stored in Switzerland (Zurich region). Where a subprocessor operates elsewhere, a recognised transfer mechanism and encryption in transit apply. See the subprocessors list.

Proven on every deploy

The separation above is not just asserted. An automated isolation test suite spins up a fresh database, seeds two organisations and a portal client, and verifies — as those roles — that cross-organisation and cross-mandate access is impossible and that the audit log cannot be tampered with. It runs on every deploy.

On certifications — straight answer

FLIORE is not yet SOC 2 or ISO 27001 certified. Our controls are designed to those principles — tenant isolation, least-privilege access, encryption, audit logging, documented backup and incident practices — and formal certification is on our roadmap. We would rather tell you exactly where we stand and let you verify the architecture than imply a badge we don't hold. If certification is a procurement requirement for you, tell us in your pilot conversation and we'll map the timeline together.

Back to security overviewBook a demo
Security architecture — how FLIORE isolates your data · FLIORE