Early Adopter Program — Now Open
Trust Center

Security, Privacy & Governance.

Built for regulated financial operations: strong access controls, audit-ready evidence capture, and flexible deployment options for procurement and compliance needs.

Security Architecture

Data Residency

Deploy on your private cloud, on-premise, or our dedicated VPCs. You choose where your data lives. All processing within your VPC boundaries.

Immutable Audit Trail

Every action — from rule creation to break resolution — is logged with WORM (Write Once, Read Many) compliance. Full reasoning traces for every AI decision.

Zero Trust RBAC

Granular role-based access control with multi-tenant isolation. Row-level security ensures users only see what they are explicitly authorized to access.

AI Privacy & Data Processing

Your data never trains models. All LLM inference runs within your environment. Stateless calls with no data persisted by AI providers.

Data Processing Engine

✓ Proprietary engine — in-memory processing, no persistent intermediate data

✓ Zero-copy memory architecture — optimised data sharing

✓ Tenant-isolated processing pipelines

✓ No customer data stored in AI model context after session ends

AI Inference Security

✓ VPC-contained inference — no data leaves your environment

✓ Provider-agnostic — switch between Claude, open-source models, or other providers without code changes

✓ 3-layer guardrail system: Input, Execution, Output

✓ Sensitive data detection and anonymisation before AI calls

Human-in-the-loop AI — analyst collaborating with AI in a trading environment

Compliance Ready

FopsAI is designed to meet the rigorous standards of global financial institutions. We are pursuing SOC 2 Type II certification.

SOC 2 Type II (In Progress)
GDPR Compliant
ISO 27001 Aligned
SOC 2
In Progress
AES-256
99.9% SLA
WORM

Explainable Decisions (Glass Box)

In regulated environments, "the computer said so" is not enough. FopsAI is designed to capture evidence and reasoning so teams can operate with confidence and auditability.

Glass Box AI — audit-ready explainable AI in a compliance environment

Audit Evidence

✓ Who did what, and when — with trace IDs across all services

✓ Inputs, outputs, and key parameters for every AI decision

✓ Approvals for high-impact actions (Maker-Checker)

Human-in-the-Loop

✓ Review thresholds and maker-checker patterns

✓ Policy guardrails and tool allow-lists

✓ Cost ceilings, step limits, and circuit breakers

AI Transparency

How we approach AI in regulated operations

We focus on governance: clear controls, evidence capture, and privacy-first design. Exact configurations vary by deployment and customer requirements.

Models

✓ Provider-agnostic model access (per-tenant)

✓ Policy guardrails (allow-lists, budgets, safety controls)

✓ Tool schemas and prompts designed for auditability

✓ Automatic fallback chains across providers

Data Flow

✓ Residency controls (where data is processed)

✓ Sensitive data detection and anonymisation before AI calls

✓ No customer data used for training without explicit agreement

✓ Stateless LLM calls — no data persisted by providers

Controls

✓ Human-in-the-loop for low-confidence/high-impact actions

✓ Approvals, audit logs, and access governance

✓ Circuit breakers (step limits, tool call limits, budget caps)

✓ Self-correction loops with guardrail enforcement

Privacy

✓ Tenant isolation and least-privilege access

✓ Cloud audit logging with invocation tracking (7-year retention)

✓ VPC-contained inference — data never leaves your environment

✓ Deployment options for stricter requirements

Built for Global Regulatory Expectations

We don't claim "one-click compliance". We focus on the capabilities regulators and internal risk teams consistently expect: controls, evidence, access governance, retention, and operational resilience.

United States

• T+1 settlement, live since May 2024 (SEC Rule 15c6-1) — automation built for compressed timelines

• Books, records and WORM-style retention (SEC Rule 17a-4, FINRA)

• Model risk management for AI and analytics (Fed/OCC SR 11-7)

• Third-party and vendor risk governance (2023 Interagency Guidance)

United Kingdom

• T+1 settlement from 11 October 2027 — same-day affirmation and exception management

• Client asset protections and reconciliations (FCA CASS 6 & 7)

• Operational resilience for important business services (PRA/FCA SYSC 15A)

• Senior management accountability and audit evidence (SM&CR)

European Union

• T+1 settlement from 11 October 2027 (CSDR) and settlement discipline

• Portfolio reconciliation for OTC derivatives (EMIR)

• ICT and operational resilience, incl. third-party risk (DORA)

• Data protection (GDPR) and the phased EU AI Act