Fundry AI Security Whitepaper
Version: 1.0 | Last Updated: March 2026
This document describes how Fundry AI protects customer data. For questions or to request a DPA, contact security@fundry.ai.
1. Architecture Overview
Fundry AI is a SaaS platform that provides AI agent workflows for alternative asset managers. The system processes sensitive financial documents (DDQs, K-1s, LP communications) and produces structured outputs for human review.
Core principle: Process-in-place. Raw documents are never stored on Fundry infrastructure. We connect to customer systems via read-only OAuth, process ephemerally, extract structured data, and delete raw content within 24 hours.
2. Infrastructure & Certifications
| Provider | Role | Certification |
|---|---|---|
| Supabase | Database, Auth, Storage | SOC 2 Type II |
| Vercel | Application Hosting | SOC 2 Type II |
| Anthropic | LLM API (Claude) | SOC 2 Type II |
| OpenAI | Embeddings API | SOC 2 Type II |
| Stripe | Payment Processing | PCI DSS Level 1 |
| Resend | Transactional Email | SOC 2 |
All infrastructure providers maintain independent SOC 2 Type II certifications. Fundry inherits these controls at launch, with plans for an independent SOC 2 Type II audit within 12 months.
3. Data Classification & Handling
| Classification | Examples | Handling |
|---|---|---|
| RESTRICTED | SSN, TIN, bank accounts | PII-stripped before LLM; stored in encrypted vault |
| CONFIDENTIAL | Fund performance, LP names | Processed by Tier 1 LLMs only (Anthropic, Google) |
| INTERNAL | Agent configs, firm settings | Standard database encryption |
| PUBLIC | Marketing content, generic DDQ templates | No restrictions |
PII Detection & Stripping (OWASP LLM08:2025)
Vector embeddings can be reverse-engineered to recover original text. Fundry prevents PII exposure in embeddings through:
1. Pre-processing scan: Regex-based detection for SSN, TIN, bank accounts, phone, email, DOB, addresses
2. Placeholder replacement: PII replaced with numbered placeholders (e.g., [SSN_REDACTED_001])
3. Encrypted vault: Real PII values stored in AES-256-GCM encrypted pii_vault table
4. Post-processing audit: Automated verification that no PII patterns survive in embedding text
5. Pipeline halt on failure: If PII detection fails or has low confidence, document processing stops
4. Encryption
- At rest: AES-256 (Supabase managed) for all database tables
- In transit: TLS 1.3 for all connections (Vercel default)
- Application-level: AES-256-GCM for OAuth tokens and PII vault entries
- Embeddings: PII-stripped text only; no encryption needed since PII is never present
5. Authentication & Access Control
- Authentication: Supabase Auth with MFA support
- Authorization: Row-level security (RLS) on all database tables
- Multi-tenant isolation:
accessible_firm_ids()function enforces firm-scoped data access - Role-based access: Owner, Admin, Member, Viewer roles with distinct permissions
- API enforcement: All API routes verify authentication; tier gating returns 402 for unpermitted features
6. AI Governance
Model Routing
| Tier | Provider | Data Allowed |
|---|---|---|
| Tier 0 (Local) | Self-hosted models | All data including RESTRICTED |
| Tier 1 (High) | Anthropic Claude | CONFIDENTIAL and below |
| Tier 2 (High) | Google Gemini, OpenAI | CONFIDENTIAL and below |
| Tier 3+ | Open-source APIs | PUBLIC data only |
A privacy router enforces these boundaries before every LLM call. Customer data is never sent to Tier 3 providers.
Agent Autonomy Levels
- Level 0 (Automatic): Email scanning, document parsing — no external visibility
- Level 1 (Auto-Draft): DDQ answers, email drafts — human reviews before release
- Level 2 (Human-Required): Critical alerts, anomalous expenses — individual review required
- Level 3 (Human-Only): Sending emails, filing documents — Fundry never performs these actions
Quality Assurance (5-Layer Stack)
1. RAG grounding with source retrieval
2. Per-answer confidence scoring (green >0.85, yellow 0.7-0.85, red <0.7)
3. Evaluator agent review (Claude Opus reviews worker output)
4. Citation trails linking every answer to source documents
5. Human-in-the-loop review queue with approve/edit/reject per item
7. Document Processing Flow
Customer System (Google Drive, Gmail, SharePoint)
↓ Read-only OAuth
Fundry Processing Pipeline
↓ PII detection & stripping
↓ LLM processing (Tier 1 only)
↓ Structured data extraction
↓ Raw document deletion (within 24 hours)
Fundry Database
→ Structured Q&A pairs (encrypted at rest)
→ PII vault (AES-256-GCM encrypted)
→ PII-stripped embeddings (pgvector)8. Incident Response
| Severity | Description | Response Time |
|---|---|---|
| SEV 1 | Data breach, PII exposure | 1 hour |
| SEV 2 | Auth bypass, incorrect output | 4 hours |
| SEV 3 | Feature outage, degraded accuracy | 24 hours |
| SEV 4 | UI bug, cosmetic | 72 hours |
Breach notification: Within 72 hours to affected customers, per GDPR and contractual obligations.
9. Data Retention & Deletion
- Raw documents: Deleted within 24 hours of processing
- Structured data: Customer-controlled; deletable from dashboard at any time
- Agent logs: 7-year retention (SEC recordkeeping compliance)
- PII vault: 90-day default TTL for DDQ/email; 7-year for tax records
- On offboarding: Data deleted within 30 days; customer can export first
10. Compliance
- GDPR: Lawful basis (contract + legitimate interest), data minimization, right to access/erasure/portability
- CCPA: Right to know, delete, opt-out; Fundry does not sell data
- SEC: Human oversight of automated systems; audit trail for all agent outputs
- Regulation S-P: PII protection via encryption, access controls, and process-in-place architecture
Fundry AI is a SaaS tool, not a registered investment adviser, broker-dealer, or compliance consultant. The platform supports but does not replace professional compliance judgment.
11. SOC 2 Roadmap
- Launch: Inherited certifications + DPA + this whitepaper
- Months 1-6: Application-layer controls (RBAC, MFA, audit logging, secrets scanning)
- Months 9-12: Independent SOC 2 Type II audit
12. Contact
- Security inquiries: security@fundry.ai
- DPA requests: legal@fundry.ai
- Sub-processor list: Available at fundry.ai/sub-processors
This document is provided for informational purposes and does not constitute legal advice. Consult legal counsel for compliance determinations specific to your organization.