ElmWater AITrust & Compliance
Your data sovereignty is our core principle. We build trust through transparent practices, rigorous compliance, and absolute respect for your data privacy.
Compliance & Security Standards
Built to meet the highest standards in financial services and data security
SOC 2 Type II
Certification in progress for security, availability, processing integrity, confidentiality, and privacy
FINRA-Ready Infrastructure
Built to support broker-dealers and firms subject to FINRA regulations with audit trails, record retention, and compliance features
SEC Compliance Support
Designed for SEC-regulated institutions with features that support investment adviser and broker-dealer compliance requirements
How We Use Your Data
Our commitment to data privacy and security is unwavering
Data Sovereignty
Your data remains entirely within your infrastructure. We never access, store, or process your proprietary data on our servers. All model training and inference happen within your secure private environment.
Zero Data Retention
We do not store your data. All analysis is performed in real-time within your environment, and no data persists on our systems. Once processing is complete, your data remains only where you control it.
No External Training
Your proprietary data is never used to train models outside of your dedicated instance. We do not aggregate, share, or use your data for any purpose other than serving your specific AI needs.
End-to-End Encryption
All data in transit and at rest is encrypted using industry-standard protocols. We use TLS 1.3 for all communications and AES-256 encryption for data storage within your environment.
Audit Trails
Complete audit logging for all data access and model operations. Every interaction with your data is logged and can be reviewed for compliance and security purposes.
Access Controls
Role-based access control (RBAC) with granular permissions. You maintain full control over who can access your data and models, with support for multi-factor authentication and single sign-on.
Our Commitment to You
Data sovereignty is non-negotiable. Your proprietary data is yours alone. We provide the AI technology and expertise, but you maintain complete ownership and control of your data at all times.
Our models operate entirely within your secure private environment. We do not collect, store, or access your data beyond what is necessary to provide the AI services you've requested. Every interaction with your data is logged and auditable.
We are actively pursuing SOC 2 Type II certification and regularly undergo third-party security audits to demonstrate our commitment to the highest standards of security and compliance in financial services.
Security Features
Private Cloud Deployment
All AI models run within your infrastructure—cloud, hybrid, or on-premises. No data ever leaves your environment.
Role-Based Access Control
Granular permissions with support for multi-factor authentication (MFA) and single sign-on (SSO).
Complete Audit Logging
Every data access and model operation is logged with timestamps, user identification, and action details.
Regular Security Audits
Third-party penetration testing and security assessments conducted on a regular schedule.
Data Encryption
TLS 1.3 for data in transit and AES-256 encryption for data at rest.
Regulatory-Ready Features
Built to support compliance with FINRA, SEC, and other financial regulatory requirements with features like audit trails, record retention, and data security controls.
Questions About Security?
Our security team is available to discuss our compliance practices and answer any questions about data privacy.
Contact Security Team